Binalyze AIR

Manage Binalyze AIR resources

Overview

The node provides integration with Binalyze AIR, a platform for digital forensics and incident response automation. Specifically, the InterACT resource allows users to manage interactive shell sessions on devices, including executing commands and retrieving command messages.

The Get Command Message operation fetches the output or status message of a previously executed command within an active InterACT session. This is useful in scenarios where commands are run asynchronously or interactively on remote endpoints, and you want to retrieve their results or progress updates.

Practical examples:

  • After sending a command to a device to collect forensic data, use this operation to poll and retrieve the command's output.
  • Monitor the status or error messages of a long-running command execution in an interactive session.
  • Retrieve specific messages by their ID from an ongoing or completed command session.

Properties

| Name | Meaning |
|------|---------|
| Session ID | The unique identifier of the InterACT session where the command was executed. |
| Message ID | The unique identifier of the specific command message to retrieve from the session logs. |

Output

The node outputs JSON data representing the details of the requested command message. This typically includes information such as the message content, status, timestamps, and possibly metadata about the command execution.

If the command message contains binary data (e.g., file contents or raw output), it would be included in the binary output field, allowing further processing or download.

Dependencies

  • Requires a valid API key credential for authenticating with the Binalyze AIR platform.
  • The node depends on the Binalyze AIR API being accessible and the InterACT service enabled.
  • The API key must have permission to access interactive sessions and command messages.

Troubleshooting

  • Common issues:

    • An invalid or expired session ID or message ID results in errors or empty responses.
    • Network connectivity problems can prevent communication with the Binalyze AIR API.
    • Insufficient permissions on the API key may cause authorization failures.
  • Error messages:

    • "Unknown resource": Indicates the resource parameter is incorrect or unsupported.
    • API errors related to authentication or authorization should be resolved by verifying the API key credentials.
    • If the message ID does not exist or is not found in the session, the node may return an error or empty result; verify IDs carefully.
