Overview
This node operation, Remove Endpoints under the Case resource, is designed to remove one or more endpoints from a specified case in Binalyze AIR. It allows users to filter and specify which endpoints should be removed based on various criteria such as endpoint IDs, group, IP address, isolation status, managed status, platform, tags, and more.
Typical use cases include:
- Cleaning up or updating a case by removing endpoints that are no longer relevant.
- Removing endpoints selectively based on their attributes (e.g., only isolated endpoints or those belonging to certain groups).
- Automating case management workflows where endpoints need to be dynamically removed based on changing conditions.
For example, a security analyst might want to remove all offline Windows endpoints from a case except for a few critical ones, or exclude endpoints belonging to a specific organization.
Properties
| Name | Meaning |
|---|---|
| Case ID | The unique identifier of the case from which endpoints will be removed. This is required. |
| Excluded Endpoint IDs | Comma-separated list of endpoint IDs that should be excluded from removal, even if they match other filters. |
| Filter By Group Full Path | Filter endpoints by the full path of their group. |
| Filter By Group ID | Filter endpoints by their group ID. |
| Included Endpoint IDs | Comma-separated list of endpoint IDs to specifically include for removal. |
| Filter By IP Address | Filter endpoints by their IP address. |
| Filter By Isolation Status | Filter endpoints by their isolation status. Options: "Isolated", "Not Isolated". |
| Filter By Issue | Filter endpoints by associated issue. |
| Filter By Managed Status | Filter endpoints by whether they are managed or unmanaged. Options: "Managed", "Unmanaged". |
| Filter By Name | Filter endpoints by their name. |
| Filter By Online Status | Filter endpoints by their online status. Options: "Online", "Offline". |
| Filter By Organization IDs | Comma-separated list of organization IDs to filter endpoints by. |
| Filter By Platform | Filter endpoints by platform type. Options: "Windows", "Linux", "macOS". |
| Filter By Policy | Filter endpoints by policy. |
| Search Term | A general search term to filter endpoints. |
| Filter By Tags | Comma-separated list of tags to filter endpoints by. |
| Filter By Version | Filter endpoints by version. |
Output
The node outputs JSON data representing the result of the remove endpoints operation. This typically includes confirmation of which endpoints were removed or any relevant status messages returned by the API.
If binary data output is supported (not indicated here), it would represent files or evidence related to the case or endpoints, but this operation focuses on endpoint removal and thus primarily outputs JSON status information.
Dependencies
- Requires an active connection to the Binalyze AIR API via an API key credential configured in n8n.
- The node depends on the Binalyze AIR service being accessible and the user having appropriate permissions to modify cases and endpoints.
- No additional external dependencies beyond the configured API authentication.
Troubleshooting
Common Issues:
- Providing an invalid or empty Case ID will cause the operation to fail.
- Incorrectly formatted endpoint ID lists (e.g., missing commas) may lead to unexpected behavior.
- Filtering with conflicting parameters might result in no endpoints being matched or removed.
- Insufficient permissions on the API key can cause authorization errors.
Error Messages:
- "Unknown resource": Indicates the resource parameter is incorrect; ensure "cases" is selected.
- API errors related to invalid IDs or filters usually return descriptive messages from Binalyze AIR; verify input values.
- Network or authentication errors suggest checking API credentials and connectivity.
Resolution Tips:
- Double-check all input fields for correct formatting.
- Use the included/excluded endpoint IDs carefully to avoid accidental removals.
- Test filters individually to confirm they select the intended endpoints before running removal.
- Ensure the API key has sufficient privileges.
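The checks listed under Troubleshooting can be run before the removal step, for example in an n8n Code node placed ahead of this operation. The following is an added example, not the node's own code. The parameter keys (`caseId`, `includedEndpointIds`, and so on) are hypothetical names for the fields in the Properties table, and the rule that an endpoint ID contains no whitespace is an assumption.

```javascript
// Added example: pre-flight validation for the Remove Endpoints inputs.
// Property keys are hypothetical names for the fields in the Properties
// table; they are not the node's internal parameter names.
const OPTIONS = {
  isolationStatus: ['Isolated', 'Not Isolated'],
  managedStatus: ['Managed', 'Unmanaged'],
  onlineStatus: ['Online', 'Offline'],
  platform: ['Windows', 'Linux', 'macOS'],
};
const FILTER_KEYS = ['groupFullPath', 'groupId', 'ipAddress', 'issue', 'name',
  'organizationIds', 'policy', 'searchTerm', 'tags', 'version',
  ...Object.keys(OPTIONS)];

// Split a comma-separated field into trimmed, non-empty tokens.
function splitList(value) {
  return String(value ?? '').split(',').map((s) => s.trim()).filter(Boolean);
}

// Return a list of human-readable problems; an empty list means "proceed".
function preflight(params) {
  const problems = [];
  if (!String(params.caseId ?? '').trim()) problems.push('Case ID is empty');

  const included = splitList(params.includedEndpointIds);
  const excluded = splitList(params.excludedEndpointIds);
  // Assumption: an endpoint ID never contains whitespace, so a token with
  // whitespace inside it most likely means a comma is missing.
  for (const id of [...included, ...excluded]) {
    if (/\s/.test(id)) problems.push(`Possible missing comma in "${id}"`);
  }
  // The same ID in both lists is a conflicting instruction.
  const both = included.filter((id) => excluded.includes(id));
  if (both.length) problems.push(`In both include and exclude lists: ${both.join(', ')}`);

  // Option fields accept only the values listed in the Properties table.
  for (const [key, allowed] of Object.entries(OPTIONS)) {
    const v = params[key];
    if (v && !allowed.includes(v)) problems.push(`${key} must be one of: ${allowed.join(', ')}`);
  }
  // Neither included IDs nor any filter: the removal scope is not bounded.
  const hasFilter = FILTER_KEYS.some((k) => String(params[k] ?? '').trim());
  if (!included.length && !hasFilter) problems.push('No included IDs or filters: removal scope is not bounded');
  return problems;
}
```

Route the workflow to the removal step only when `preflight` returns an empty list, and log the returned messages otherwise.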