Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node provides integration with Binalyze AIR, a digital forensics and incident response platform. Specifically, the Asset - Uninstall operation allows users to uninstall software or agents from endpoint assets managed within Binalyze AIR. This is useful in scenarios such as decommissioning devices, removing forensic agents after data collection, or cleaning up endpoints remotely.
Typical use cases include:
- Automatically uninstalling forensic agents from endpoints after completing an investigation.
- Removing software from groups of assets filtered by criteria like IP address, tags, or organizational unit.
- Managing endpoint lifecycle by selectively uninstalling based on asset status or platform.
Properties
| Name | Meaning |
|---|---|
| Filter Options | A collection of filters to specify which assets to target for uninstallation. You can combine multiple filters to narrow down the selection. |
| Excluded Asset IDs | Comma-separated list of specific asset IDs to exclude from the operation. |
| Included Asset IDs | Comma-separated list of specific asset IDs to include in the operation. |
| Filter By Asset Name | Filter assets by their name (partial or full match). |
| Filter By IP Address | Filter assets by their IP address. |
| Filter By Isolation Status | Filter assets by whether they are isolated or not isolated. Options: "Isolated", "Not Isolated". |
| Filter By Managed Status | Filter assets by management status. Options: "Managed", "Unmanaged". |
| Filter By Online Status | Filter assets by online status. Options: "Online", "Offline". |
| Filter By Organization | Filter assets by organization. Can be selected from a list, or specified by ID or name. |
| Filter By Platform | Filter assets by operating system platform. Options: "Windows", "macOS", "Linux". |
| Filter By Search Term | General search term to filter assets. |
| Filter By Tags | Comma-separated list of tags to filter assets by. |
These properties allow flexible targeting of assets for the uninstall operation, enabling precise control over which endpoints are affected.
Output
The node outputs JSON data representing the result of the uninstall operation. The structure typically includes information about the assets targeted, the success or failure status per asset, and any messages or errors returned by the Binalyze AIR API.
If binary data were involved (e.g., logs or files), it would be indicated here, but this operation primarily deals with JSON responses confirming uninstall commands.
Dependencies
- Requires an API key credential for authenticating with the Binalyze AIR platform.
- Needs network connectivity to the Binalyze AIR API endpoint.
- The node depends on the Binalyze AIR service being accessible and properly configured with the assets registered.
Troubleshooting
Common Issues:
- Incorrect or missing API credentials will cause authentication failures.
- Filtering with invalid asset IDs or parameters may result in no assets being found or targeted.
- Network issues or API downtime can cause request failures.
- Trying to uninstall from offline or unmanaged assets might fail depending on platform restrictions.
Error Messages:
"Unknown resource": Indicates the resource parameter was set incorrectly; ensure "Asset" is selected.- API errors related to permissions or invalid filters should be checked against the Binalyze AIR API documentation.
- Validation errors on input fields (e.g., organization ID format) must be corrected according to the specified formats.
Links and References
- Binalyze AIR Official Website
- Binalyze AIR API Documentation
- n8n Documentation on Creating Custom Nodes