Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
This node allows you to create a new case within the Binalyze AIR platform. Cases are used to organize and manage investigations or incidents related to digital forensics and incident response. Creating a case helps teams track evidence, assign ownership, and control visibility of sensitive information.
Common scenarios include:
- Initiating a new investigation by creating a case with a descriptive name.
- Assigning the case to a specific user who will be responsible for managing it.
- Setting the visibility of the case either publicly within an organization or privately among selected users.
- Associating the case with an organization to maintain proper context and access control.
Practical example:
- A security analyst creates a case named "Ransomware Incident April 2024" assigned to themselves, visible only to a private group of responders, linked to their organization.
Properties
| Name | Meaning |
|---|---|
| Case Name | The name/title of the case being created. |
| Organization | The organization under which the case is created. You can select from a list, specify by ID(s), or by name. For some operations, "0" means all organizations. |
| Owner User | The user who will own and manage the case. Can be selected from a list, specified by user ID, or username/email. |
| Visibility | Controls who can see the case. Options: - Public to Organization - Private to Users |
| Assigned User IDs | (Optional) Comma-separated list of user IDs assigned to the case. Required if visibility is set to private. |
Output
The node outputs JSON data representing the newly created case object as returned by the Binalyze AIR API. This typically includes details such as:
- Case ID
- Case name
- Organization ID
- Owner user ID
- Visibility setting
- List of assigned users (if any)
- Creation timestamps and metadata
No binary data output is involved in this operation.
Dependencies
- Requires an active connection to the Binalyze AIR API via an API key credential configured in n8n.
- The node depends on the Binalyze AIR service being accessible and the API token having permissions to create cases.
- Proper user and organization data must exist in the system to assign ownership and link the case.
Troubleshooting
Error: Invalid organization ID or no access
Ensure the organization ID provided exists and the API token has permission to create cases under that organization.Error: Owner user not found or invalid user ID
Verify the owner user ID or username is correct and that the user exists in the system.Error: Assigned users required for private visibility
When setting visibility to "Private to Users," you must provide at least one assigned user ID.Error: API authentication failed
Check that the API key credential is valid and has not expired.General network or timeout errors
Confirm network connectivity to the Binalyze AIR API endpoint and retry.