Binalyze AIR

Manage Binalyze AIR resources

Actions: 99

Overview

The node provides integration with Binalyze AIR, a digital forensics and incident response platform. Specifically, the "Asset" resource with the "Get Many" operation allows users to retrieve multiple endpoint assets from their Binalyze AIR environment. This is useful for scenarios where you want to list or filter assets based on various criteria such as name, IP address, status, organization, platform, tags, and more.

Practical examples include:

  • Fetching all online Windows assets managed by a specific organization.
  • Retrieving assets filtered by isolation or managed status for further investigation.
  • Paginating through large asset inventories to process or report on them in batches.

This operation helps automate asset inventory management and supports workflows that require up-to-date endpoint information.

Properties

Name: Additional Fields
Meaning: A collection of optional filters and pagination settings to refine the asset query:

  • Filter By Asset Name: Filter assets by their exact or partial name (string).
  • Filter By IP Address: Filter assets by IP address (string).
  • Filter By Isolation Status: Filter assets by isolation state; options are "Isolated" or "Not Isolated". Multiple selections allowed.
  • Filter By Managed Status: Filter assets by management status; options are "Managed" or "Unmanaged". Multiple selections allowed.
  • Filter By Online Status: Filter assets by online state; options are "Online" or "Offline". Multiple selections allowed.
  • Filter By Organization: Select an organization to filter assets by. Can be chosen from a list, by ID (numeric), or by name (string).
  • Filter By Platform: Filter assets by operating system platform; options include "Windows", "macOS", and "Linux". Multiple selections allowed.
  • Filter By Search Term: General search term to filter assets (string).
  • Filter By Tags: Comma-separated list of tags to filter assets by (string).
  • Page: Page number to retrieve (number, minimum 1). Used for pagination.
  • Page Size: Number of assets to return per page (number, between 1 and 1000). Controls pagination size.

Output

The node outputs an array of JSON objects representing the retrieved assets. Each object contains detailed information about an individual asset, including but not limited to its name, IP address, isolation status, managed status, online status, organization affiliation, platform, and tags.

Binary data output is not indicated explicitly for this operation, which focuses on JSON asset metadata. If the node does support binary output, it would typically represent downloadable evidence or files related to assets.

Dependencies

  • Requires a valid API key credential for authenticating with the Binalyze AIR platform.
  • The node depends on the Binalyze AIR API being accessible and properly configured.
  • Pagination parameters should be used carefully to avoid excessive data retrieval.
  • No additional external services beyond Binalyze AIR are required.

Troubleshooting

  • Common Issues:

    • Incorrect or missing API credentials will cause authentication failures.
    • Providing invalid organization IDs (non-numeric) will trigger validation errors.
    • Requesting pages beyond available data may return empty results.
    • Using unsupported filter values may result in no matches or API errors.
  • Error Messages:

    • "Unknown resource: assets" — indicates the resource parameter was not set correctly.
    • Validation error for organization ID if non-numeric input is provided.
    • Network or authentication errors if API key is invalid or network is unreachable.
  • Resolutions:

    • Verify API credentials and permissions.
    • Ensure organization IDs are numeric when filtering by ID.
    • Use valid filter values as per the property options.
    • Check network connectivity and API endpoint availability.
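
The limits and failure cases listed above (page minimum 1, page size 1 to 1000, numeric organization IDs, empty pages past the end of the data) can be checked before a request is sent and used to stop a pagination loop. The following is an added example, not code from the node or from Binalyze; validateQuery, collectAssets, fetchPage, the field key names, the default page size of 100 and the page cap are all assumptions made for illustration.

```javascript
// Added example. All names here are hypothetical, not the node's or the AIR API's.
const ALLOWED = {
  isolationStatus: ['Isolated', 'Not Isolated'],
  managedStatus: ['Managed', 'Unmanaged'],
  onlineStatus: ['Online', 'Offline'],
  platform: ['Windows', 'macOS', 'Linux'],
};

// Check filters against the documented options and limits before any request is sent.
function validateQuery(fields) {
  const q = { page: 1, pageSize: 100, ...fields }; // default pageSize is an assumption
  if (!Number.isInteger(q.page) || q.page < 1) throw new RangeError('page must be >= 1');
  if (!Number.isInteger(q.pageSize) || q.pageSize < 1 || q.pageSize > 1000)
    throw new RangeError('pageSize must be between 1 and 1000');
  if (q.organizationId !== undefined && !/^\d+$/.test(String(q.organizationId)))
    throw new TypeError('organization ID must be numeric');
  for (const [key, options] of Object.entries(ALLOWED)) {
    for (const value of q[key] ?? []) {
      if (!options.includes(value)) throw new TypeError(`unsupported ${key}: ${value}`);
    }
  }
  return q;
}

// Walk pages until an empty or short page arrives, with a hard cap on pages fetched.
// fetchPage(query) stands in for one "Get Many" execution and resolves to an array.
async function collectAssets(fetchPage, fields, maxPages = 50) {
  const query = validateQuery(fields);
  const assets = [];
  for (let n = 0; n < maxPages; n++) {
    const batch = await fetchPage({ ...query, page: query.page + n });
    assets.push(...batch);
    if (batch.length < query.pageSize) return { assets, truncated: false };
  }
  return { assets, truncated: true }; // cap reached; more pages may exist
}

// Constructed sample inventory and a fake fetchPage that serves it in pages.
const SAMPLE = Array.from({ length: 5 }, (_, i) => ({ name: `host-${i + 1}`, platform: 'Windows' }));
const fakeFetch = async (q) => SAMPLE.slice((q.page - 1) * q.pageSize, q.page * q.pageSize);

collectAssets(fakeFetch, { pageSize: 2, platform: ['Windows'], organizationId: 7 })
  .then((r) => console.log(r.assets.length, r.truncated));
```

A result with truncated set to true means the page cap was hit, so a report built from it should not be treated as a complete inventory.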
