Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node provides integration with Binalyze AIR, a digital forensics and incident response platform. Specifically, the InterACT resource enables interactive shell sessions and command execution on endpoint devices managed by Binalyze AIR.
The Interrupt Command operation allows users to interrupt or cancel a running command within an active InterACT session. This is useful in scenarios where a command is taking too long, producing unwanted results, or needs to be stopped due to changing investigation priorities.
Practical examples:
- Interrupting a forensic data collection command that was started accidentally.
- Stopping a long-running diagnostic command on a remote device.
- Canceling a command that is no longer relevant during an incident response workflow.
Properties
| Name | Meaning |
|---|---|
| Session ID | The unique identifier of the active InterACT session where the command is running. |
| Message ID | The unique identifier of the specific command message to be interrupted within the session. |
Output
The node outputs JSON data representing the result of the interrupt command request. This typically includes confirmation of the interruption status or any error messages returned by the Binalyze AIR API.
No binary data output is involved in this operation.
Dependencies
- Requires an active Binalyze AIR API key credential configured in n8n for authentication.
- Depends on the Binalyze AIR service being accessible via its API endpoint.
- The node uses internal resource modules to handle API requests related to InterACT sessions and commands.
Troubleshooting
Common issues:
- Invalid or expired session ID or message ID will cause the interrupt request to fail.
- Network connectivity problems may prevent communication with the Binalyze AIR API.
- Insufficient permissions associated with the API key can block command interruption.
Error messages:
"Unknown resource": Indicates the resource parameter is incorrect; ensure "interact" is selected.- API errors related to invalid session or message IDs usually indicate these identifiers do not exist or are not active.
Resolutions:
- Verify the session ID and message ID values are correct and correspond to active sessions/commands.
- Check API key validity and permissions.
- Ensure network access to the Binalyze AIR API endpoint.
Links and References
- Binalyze AIR Official Documentation
- Binalyze AIR API Reference
- n8n Documentation on Creating Custom Nodes