Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node provides integration with Binalyze AIR's InterACT feature, which enables interactive shell sessions and command execution on endpoint devices. Specifically, the "Assign InterACT Task" operation allows users to create an interactive session of a specified type (Shell, PowerShell, or Command Prompt) on targeted endpoints filtered by various criteria. This is useful for security analysts or IT administrators who need to remotely investigate, troubleshoot, or remediate issues on multiple devices in their environment.
Practical examples include:
- Launching a PowerShell session on all online Windows endpoints within a specific organizational group to run diagnostic commands.
- Opening a Shell session on Linux servers filtered by tags or IP addresses to perform live incident response.
- Executing predefined commands automatically during the session with a configurable timeout.
Properties
| Name | Meaning |
|---|---|
| Session Type | The type of InterACT session to create. Options: Shell, PowerShell, Command Prompt. |
| Filter | Criteria to select target endpoints for the session. Includes: - Asset Name - Excluded Endpoint IDs (comma-separated) - Group Full Path - Group ID - Included Endpoint IDs (comma-separated) - IP Address - Isolation Status (Isolated, Not Isolated) - Managed Status (Managed, Unmanaged) - Online Status (Online, Offline) - Organization (select by list, ID, or name; "0" means all organizations) - Platform (Linux, macOS, Windows) - Policy - Search Term - Tags (comma-separated) - Version (agent version) |
| Additional Fields | Optional extra parameters: - Commands: Commands to execute in the session (comma-separated) - Timeout (Seconds): Session timeout duration, between 1 and 3600 seconds (default 300) |
Output
The node outputs JSON data representing the result of the assigned InterACT task. This typically includes details about the created session such as session ID, status, targeted endpoints, and any immediate response or metadata returned from the API.
If binary data were involved (e.g., session logs or files), it would be summarized accordingly, but this operation focuses on session assignment and command execution rather than direct binary output.
Dependencies
- Requires an active connection to Binalyze AIR via an API key credential configured in n8n.
- The node depends on Binalyze AIR's API endpoints for managing InterACT sessions.
- Proper permissions on the API key are necessary to assign tasks and interact with endpoints.
- Network connectivity to Binalyze AIR service must be available.
Troubleshooting
Common Issues:
- Incorrect or insufficient API credentials can cause authentication failures.
- Filters that do not match any endpoints will result in no sessions being created.
- Specifying invalid session types or commands may cause API errors.
- Timeout values outside the allowed range (1-3600 seconds) will be rejected.
Error Messages:
"Unknown resource": Occurs if the resource parameter is incorrect or missing.- API errors related to authorization or permissions indicate the API key lacks required scopes.
- Validation errors on filter fields or session parameters usually specify which input is invalid.
Resolutions:
- Verify API credentials and permissions.
- Double-check filter criteria to ensure they correctly target intended endpoints.
- Use valid session types and properly formatted commands.
- Ensure timeout values are within the allowed limits.