Binalyze AIR

Manage Binalyze AIR resources

Actions: 99

Overview

The node manages Binalyze AIR resources, specifically allowing operations on acquisition profiles and remote acquisitions when the "Acquisition" resource is selected. The "Update" operation for Acquisition enables users to modify an existing acquisition profile by specifying its ID and updating properties such as the profile name, description, and additional fields related to artifacts and evidence types to collect.

This node is beneficial in digital forensics and incident response workflows where automated or remote data acquisition from endpoints is required. For example, a security analyst can update an acquisition profile to change which artifacts (like memory dumps or registry data) are collected during an investigation, ensuring that the data gathered matches the current investigative needs.

Properties

Name | Meaning
--- | ---
Acquisition Profile | The acquisition profile to operate on. Can be selected from a list of existing profiles or specified directly by ID (must contain only letters, numbers, hyphens, and underscores).
Profile Name | The new name for the acquisition profile being updated.
Description | A textual description of the acquisition profile.
Additional Fields | A collection of optional fields to further specify acquisition details:
Additional Fields: Artifacts | Select one or more artifacts to collect during acquisition. Options include Browser History, File System, Installed Software, Memory Dump, Network Connections, Registry, and System Information.
Additional Fields: Evidence Types | Select one or more types of evidence to collect. Options include Documents, Executables, Files, Images, and Logs.

Output

The node outputs JSON data representing the result of the update operation on the acquisition profile. This typically includes confirmation of the updated profile's details such as its ID, name, description, and configured artifacts and evidence types. The output structure allows downstream nodes to use or log the updated acquisition profile information.

There is no indication that this node outputs binary data.

Dependencies

  • Requires an API key credential for authenticating with the Binalyze AIR service.
  • The node depends on the Binalyze AIR API to perform acquisition profile updates.
  • Proper configuration of the API authentication credential within n8n is necessary.

Troubleshooting

  • Invalid Acquisition Profile ID: If the provided acquisition profile ID contains invalid characters (anything other than letters, numbers, hyphens, and underscores), the node will reject it. Ensure the ID contains only those characters so that it matches the pattern the node enforces.
  • Missing Required Fields: The "Acquisition Profile" and "Profile Name" fields are mandatory. Omitting these will cause errors.
  • API Authentication Errors: If the API key credential is missing, invalid, or expired, the node will fail to connect to the Binalyze AIR service. Verify the credential setup.
  • Network Issues: Connectivity problems between n8n and the Binalyze AIR API endpoint may cause timeouts or failures.
  • Invalid Option Selections: Selecting unsupported artifact or evidence types may lead to API errors. Use only the provided options.
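
The checks listed above can be run before an item reaches the node, for example in a preceding n8n Code node. The following is an added example, not code from the Binalyze AIR node: the function name, the parameter field names (`profileId`, `name`, `artifacts`, `evidenceTypes`) and the regular expression are assumptions derived from the rules and option lists stated on this page.

```javascript
// Added example: pre-flight validation for the Acquisition "Update" parameters.
// Field names and the regex are assumptions derived from the rules on this page.
const ID_PATTERN = /^[A-Za-z0-9_-]+$/; // letters, numbers, hyphens, underscores
const ARTIFACTS = new Set(['Browser History', 'File System', 'Installed Software',
  'Memory Dump', 'Network Connections', 'Registry', 'System Information']);
const EVIDENCE_TYPES = new Set(['Documents', 'Executables', 'Files', 'Images', 'Logs']);

// Return the entries of an optional multi-select that are not in the allowed set.
function unsupported(values, allowed) {
  if (values === undefined) return [];            // optional field not supplied
  if (!Array.isArray(values)) return ['<not a list>'];
  return values.filter((v) => !allowed.has(v));
}

// Collect every problem instead of stopping at the first, so one run
// reports everything that would make the update fail.
function validateUpdate(params) {
  const errors = [];
  const { profileId, name, artifacts, evidenceTypes } = params;
  if (typeof profileId !== 'string' || profileId === '') {
    errors.push('Acquisition Profile is required');
  } else if (!ID_PATTERN.test(profileId)) {
    errors.push('Acquisition Profile ID has invalid characters');
  }
  if (typeof name !== 'string' || name.trim() === '') {
    errors.push('Profile Name is required');
  }
  for (const v of unsupported(artifacts, ARTIFACTS)) {
    errors.push(`Unsupported artifact: ${v}`);
  }
  for (const v of unsupported(evidenceTypes, EVIDENCE_TYPES)) {
    errors.push(`Unsupported evidence type: ${v}`);
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample inputs (not real profile IDs).
const good = { profileId: 'ir-triage_01', name: 'IR triage',
  artifacts: ['Memory Dump', 'Registry'], evidenceTypes: ['Logs'] };
const bad = { profileId: 'ir triage#1', name: ' ',
  artifacts: ['Memory Dump', 'Pagefile'], evidenceTypes: ['Logs'] };
console.log(validateUpdate(good));
console.log(validateUpdate(bad));
```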
