Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The "Assign Image Acquisition Task" operation within the Acquisition resource of this node allows users to assign a remote image acquisition task to a specified case using a selected acquisition profile. This is useful in digital forensics and incident response workflows where investigators need to remotely collect disk images or forensic data from endpoints associated with a case.
Typical scenarios include:
- Assigning imaging tasks to endpoints filtered by asset attributes such as IP address, platform, or management status.
- Automating evidence collection by linking acquisition profiles to cases.
- Filtering target assets dynamically based on tags, organization, or online status before assigning the imaging task.
For example, an investigator can select a case, choose an acquisition profile configured for disk imaging, filter assets that are currently online and managed Windows machines, and then assign the image acquisition task to those assets automatically.
Properties
| Name | Meaning |
|---|---|
| Case | The case to which the image acquisition task will be assigned. Can be selected from a list of existing cases or specified by ID. |
| Acquisition Profile | The acquisition profile defining how the image acquisition should be performed. Selectable from a list or by ID. |
| Additional Fields | A collection of optional filters and parameters to refine the assignment: |
| - Artifacts | (Not applicable for this operation) |
| - Evidence Types | (Not applicable for this operation) |
| - Filter By Asset Name | Filter target assets by their name. |
| - Filter By IP Address | Filter target assets by IP address. |
| - Filter By Management Status | Filter assets by whether they are managed or unmanaged. Options: Managed, Unmanaged. |
| - Filter By Online Status | Filter assets by online/offline status. Options: Online, Offline. |
| - Filter By Organization | Filter assets by one or more organizations. Selectable from a list or via expressions. |
| - Filter By Platform | Filter assets by operating system platform. Options: Windows, Linux, macOS, AIX. |
| - Filter By Search Term | Filter assets by a search term matching asset properties. |
| - Filter By Tags | Filter assets by comma-separated tags. |
Output
The node outputs JSON data representing the result of the assignment operation. This typically includes details about the created image acquisition task(s), such as task IDs, status, and any metadata returned by the API indicating success or failure of the assignment.
No binary data output is indicated for this operation.
Dependencies
- Requires an API key credential for authenticating with the Binalyze AIR service.
- The node depends on the Binalyze AIR API endpoints related to acquisitions, cases, and acquisition profiles.
- Proper configuration of acquisition profiles and cases in the Binalyze AIR system is necessary.
- Network connectivity to the Binalyze AIR service is required.
Troubleshooting
- Invalid Case or Acquisition Profile ID: If the provided case or acquisition profile ID does not exist or is malformed, the node may throw an error. Ensure IDs conform to allowed characters (letters, numbers, hyphens, underscores).
- No Matching Assets Found: When filters are too restrictive, no assets may match, resulting in no tasks being assigned. Review filter criteria.
- Authentication Errors: Missing or invalid API credentials will cause authentication failures. Verify API key validity and permissions.
- API Rate Limits or Service Errors: Temporary issues with the Binalyze AIR API may cause errors. Retry after some time or check service status.
- Incorrect Filter Usage: Using unsupported filter combinations or invalid values may cause errors. Use only supported options as per property definitions.