Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node provides integration with Binalyze AIR, a digital forensics and incident response platform. Specifically, the Baseline resource with the Compare Baseline operation allows users to compare forensic data collected from endpoints against predefined baseline task results. This comparison helps identify deviations or anomalies in endpoint states over time.
Typical use cases include:
- Detecting changes or suspicious activity on endpoints by comparing current forensic snapshots to known baselines.
- Automating forensic analysis workflows by programmatically retrieving comparison reports.
- Supporting incident response teams in quickly assessing endpoint integrity.
For example, a security analyst could use this node to input an endpoint ID and a list of task IDs representing previous forensic captures, then retrieve a detailed comparison report highlighting differences from the baseline.
Properties
| Name | Meaning |
|---|---|
| Endpoint ID | The unique identifier of the endpoint device whose baseline comparison is requested. |
| Task IDs | A comma-separated list of task IDs representing forensic tasks to compare against baseline. |
Output
The node outputs JSON data containing the results of the baseline comparison. This typically includes details about differences found between the specified tasks and the baseline for the given endpoint. The exact structure depends on the API response but generally contains:
- Summary of comparison results.
- Details of detected changes or anomalies.
- Metadata such as timestamps, task identifiers, and endpoint information.
No binary data output is indicated for this operation.
Dependencies
- Requires an active connection to the Binalyze AIR API via an API key credential configured in n8n.
- The node depends on the Binalyze AIR service being accessible and the user having appropriate permissions to query baseline comparisons.
- No additional external dependencies are required beyond the API access.
Troubleshooting
Common issues:
- Invalid or missing Endpoint ID or Task IDs parameters will cause errors.
- Network connectivity problems or incorrect API credentials can lead to authentication failures.
- Specifying non-existent task IDs or endpoint IDs may result in empty or error responses.
Error messages:
"Unknown resource": Indicates the selected resource is not recognized; ensure "baselines" is chosen.- API authentication errors: Verify that the API key credential is correctly set up and has necessary permissions.
- Validation errors for required parameters: Ensure both Endpoint ID and Task IDs are provided and correctly formatted.