Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node provides integration with Binalyze AIR, a platform for managing digital forensic and incident response resources. Specifically, the Policy - Get Policy Match Stats operation retrieves statistical data about how policies match endpoints within an organization or environment.
This operation is useful in scenarios where security teams want to analyze the effectiveness and coverage of their security policies across various endpoints. For example, it can help identify which endpoints comply with certain policies, which are excluded, or how different endpoint attributes (like platform, isolation status, or tags) affect policy matches.
Practical examples include:
- Filtering endpoints by platform (Windows, Linux, macOS) to see policy compliance statistics per OS.
- Excluding certain endpoint IDs from the stats to focus on a subset of devices.
- Filtering by online/offline status or managed/unmanaged status to understand policy impact on active vs inactive or managed vs unmanaged devices.
- Using search terms or tags to narrow down the scope of endpoints included in the statistics.
Properties
| Name | Meaning |
|---|---|
| Additional Fields | A collection of optional filters to refine the policy match statistics query. Contains the following sub-properties: |
| - Filter By Excluded Endpoint IDs | Comma-separated list of endpoint IDs to exclude from the filter. |
| - Filter By Group Full Path | Filter results by the full path of the group the endpoints belong to. |
| - Filter By Group ID | Filter results by a specific group ID. |
| - Filter By Included Endpoint IDs | Comma-separated list of endpoint IDs to include in the filter. |
| - Filter By IP Address | Filter results by a specific IP address. |
| - Filter By Isolation Status | Filter by isolation status of endpoints. Options: "Isolated", "Not Isolated". |
| - Filter By Issue | Filter by issue associated with endpoints. |
| - Filter By Managed Status | Filter by management status of endpoints. Options: "Managed", "Unmanaged". |
| - Filter By Name | Filter by endpoint name. |
| - Filter By Online Status | Filter by online status of endpoints. Options: "Online", "Offline". |
| - Filter By Platform | Filter by platform type of endpoints. Options: "Windows", "Linux", "macOS". |
| - Filter By Policy | Filter by specific policy. |
| - Filter By Search Term | Search term to filter endpoints by matching text. |
| - Filter By Tags | Comma-separated list of tags to filter endpoints by. |
| - Filter By Version | Filter by version of something related to endpoints (likely agent or software version). |
| - Organization | Selects the organization to filter policies by. Can be selected from a list, specified by ID, or by name. Use "0" to include all organizations. |
Output
The output JSON contains the policy match statistics data as returned by the Binalyze AIR API for the given filters. This typically includes aggregated counts or detailed information about how many endpoints match each policy, grouped by various criteria depending on the filters applied.
If the node supports binary data output (not explicitly shown here), it would represent downloadable reports or files related to the policy match stats, but this operation primarily returns JSON data summarizing policy matches.
Dependencies
- Requires an API key credential for authenticating with the Binalyze AIR platform.
- The node depends on the Binalyze AIR API being accessible and properly configured.
- The user must have appropriate permissions in Binalyze AIR to query policy match statistics.
- No additional external services beyond Binalyze AIR API are required.
Troubleshooting
Common Issues:
- Invalid or missing API credentials will cause authentication failures.
- Providing invalid filter values (e.g., malformed comma-separated lists, invalid organization IDs) may result in errors or empty results.
- Network connectivity issues to the Binalyze AIR API endpoint can cause request failures.
- Using unsupported or misspelled filter options may lead to unexpected behavior or errors.
Error Messages:
"Unknown resource": Indicates the resource parameter was not set correctly; ensure "policies" is selected.- Authentication errors: Check that the API key credential is valid and has necessary permissions.
- Validation errors on input fields: Ensure that IDs are positive numbers or zero (for default organization), and that multi-option filters use allowed values.
Resolution Tips:
- Double-check all filter inputs for correct formatting.
- Verify API credentials and network access.
- Use the node's built-in option selectors where possible to avoid typos.
- Review Binalyze AIR API documentation for any changes in filter parameters or expected values.
Links and References
- Binalyze AIR Official Website
- Binalyze AIR API Documentation
- n8n Documentation on Creating Custom Nodes