Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node enables executing commands interactively on remote devices through the InterACT resource of Binalyze AIR. It allows users to run shell commands within an active session, supporting both synchronous and asynchronous execution modes. This is useful for automating forensic or incident response tasks by remotely running diagnostic or investigative commands on endpoints.
Typical use cases include:
- Running a command to collect system information or logs during an investigation.
- Executing scripts or tools remotely without manual intervention.
- Automating repetitive command executions across multiple devices in a workflow.
For example, a user can start an InterACT session with a device, then use this node to execute a command like netstat -an to gather network connection details, and process the output further in the workflow.
Properties
| Name | Meaning |
|---|---|
| Session ID | The unique identifier of the active InterACT session where the command will be executed. |
| Command | The shell command string to execute within the InterACT session. |
| Additional Fields | Optional parameters to customize command execution: |
| Timeout (Seconds) | Maximum time allowed for command execution before timing out (1 to 3600 seconds). |
| Working Directory | The directory path in which to execute the command. |
| Environment Variables | JSON object specifying environment variables to set for the command execution context. |
Output
The node outputs the result of the executed command in the json field of the output data. This typically includes:
- The command's standard output and standard error streams.
- Execution status or exit code.
- Any metadata related to the command execution such as timestamps or session info.
If the command produces binary data, it may be included in the output accordingly, but the primary focus is on textual command results.
Dependencies
- Requires an active InterACT session identified by a valid session ID.
- Needs an API key credential configured in n8n to authenticate with the Binalyze AIR platform.
- The node depends on the Binalyze AIR API being accessible from the n8n environment.
Troubleshooting
- Invalid Session ID: If the session ID is incorrect or expired, the command execution will fail. Ensure the session is active and the ID is correct.
- Command Timeout: Commands exceeding the specified timeout will be terminated. Increase the timeout if needed.
- Permission Issues: Some commands may require elevated privileges on the target device. Verify permissions.
- Malformed Environment Variables: The environment variables must be valid JSON. Invalid JSON will cause errors.
- Network Connectivity: Ensure n8n can reach the Binalyze AIR API endpoint without firewall or network issues.
Common error messages might indicate authentication failures, session not found, or command execution errors. Reviewing the session state and API credentials usually resolves these.