Overview
The node provides integration with Binalyze AIR, a digital forensics and incident response platform. This page covers the "Triage Rule" resource with the "Get Many" operation, which retrieves a list of triage rules from Binalyze AIR. Triage rules are used in forensic investigations to quickly assess and categorize evidence or endpoints against predefined criteria.
This operation is useful when you want to list or filter triage rules by attributes such as description, engine type, or organization visibility. For example, a security analyst might use it to fetch every YARA-engine triage rule visible to a particular organization and feed the result into an automated incident response workflow.
Properties
| Name | Meaning |
|---|---|
| Additional Fields | A collection of optional filters and pagination settings to refine the list of triage rules returned: |
| - Filter By Description | Filter triage rules by matching text in their description. |
| - Filter By Engines | Filter triage rules by one or more engine types. Options include: YARA, Sigma, Osquery. |
| - Filter By Search Term | A general search term to filter triage rules by name or other searchable fields. |
| - Organization | Filter triage rules by organization. You can select an organization by list, ID (positive number or 0 for default), or name. Using "0" retrieves rules visible to all organizations. |
| - Page Number | The page number of results to return (minimum 1). Useful for paginated responses. |
| - Page Size | The number of results per page (minimum 1). Controls how many triage rules are returned in one call. |
Output
The output is JSON: an array of triage rule objects matching the specified filters and pagination, each carrying the rule's properties (ID, description, engine type, and so on).
This operation produces no binary output.
Dependencies
- Requires an API key credential for authenticating with the Binalyze AIR platform.
- The node depends on the Binalyze AIR API being accessible and properly configured.
- Results are returned one page at a time; for large rule sets, set Page Size and iterate Page Number until a short (or empty) page comes back.
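The following is an added example, not code from the node or from Binalyze: it shows how the Additional Fields in the Properties table map onto a request and how a caller pages through the results as the Dependencies section describes. The query parameter names (`pageNumber`, `pageSize`, `filter[...]`) are assumptions made for illustration, as is `fakeFetchPage`, an offline stand-in for the AIR server that filters a constructed sample rule set; check the parameter names against the Binalyze AIR API reference before reusing them.

```javascript
// Added example, not code from the node or from Binalyze: maps the "Get Many"
// filter fields onto a query string and pages through the results.
// Query-parameter names (pageNumber, pageSize, filter[...]) are assumptions
// for illustration; verify them against the AIR API reference before use.
const ENGINES = new Set(["YARA", "Sigma", "Osquery"]);

// Validates the Additional Fields and returns the encoded query string.
// Throws RangeError for the out-of-range values the Troubleshooting section lists.
function buildTriageRuleQuery(fields = {}) {
  const {
    description, engines, searchTerm,
    organizationId = 0,   // 0 = rules visible to all organizations
    pageNumber = 1, pageSize = 50,
  } = fields;
  if (!Number.isInteger(pageNumber) || pageNumber < 1) throw new RangeError("pageNumber must be >= 1");
  if (!Number.isInteger(pageSize) || pageSize < 1) throw new RangeError("pageSize must be >= 1");
  if (!Number.isInteger(organizationId) || organizationId < 0) throw new RangeError("organizationId must be a positive number or 0");
  if (engines !== undefined) {
    const bad = engines.filter((e) => !ENGINES.has(e));
    if (bad.length) throw new RangeError(`unsupported engine(s): ${bad.join(", ")}`);
  }
  const q = new URLSearchParams();
  q.set("pageNumber", String(pageNumber));
  q.set("pageSize", String(pageSize));
  q.set("filter[organizationIds]", String(organizationId));
  if (description) q.set("filter[description]", description);
  if (engines && engines.length) q.set("filter[engines]", engines.join(","));
  if (searchTerm) q.set("filter[searchTerm]", searchTerm);
  return q.toString();
}

// Walks the pages until a short page comes back. fetchPage(queryString) is injected:
// in production it performs the authenticated HTTP request (API token credential)
// and returns the decoded array of rule objects; here it is the offline stub below.
function getAllTriageRules(fields, fetchPage) {
  const pageSize = fields.pageSize ?? 50;
  const rules = [];
  for (let pageNumber = 1; ; pageNumber++) {
    const page = fetchPage(buildTriageRuleQuery({ ...fields, pageNumber, pageSize }));
    rules.push(...page);
    if (page.length < pageSize) return rules; // last page (possibly empty)
  }
}

// Constructed sample data standing in for the AIR server; not real rules.
const SAMPLE_RULES = [
  { _id: "r1", name: "mimikatz-strings", description: "Mimikatz artefacts in memory",        engine: "YARA",    organizationIds: [0] },
  { _id: "r2", name: "ps-encoded-cmd",   description: "PowerShell encoded command launch",  engine: "Sigma",   organizationIds: [1] },
  { _id: "r3", name: "listening-ports",  description: "Enumerate listening TCP ports",      engine: "Osquery", organizationIds: [1] },
  { _id: "r4", name: "cs-beacon-config", description: "Cobalt Strike beacon configuration", engine: "YARA",    organizationIds: [1] },
  { _id: "r5", name: "webshell-generic", description: "Generic webshell signatures",        engine: "YARA",    organizationIds: [0] },
];

// Offline stand-in for the server (hypothetical): applies the filters and
// pagination the query string requests to SAMPLE_RULES. How AIR itself evaluates
// organization visibility is an assumption here; the point is to exercise the client.
function fakeFetchPage(queryString) {
  const q = new URLSearchParams(queryString);
  const pageNumber = Number(q.get("pageNumber"));
  const pageSize = Number(q.get("pageSize"));
  const orgId = Number(q.get("filter[organizationIds]"));
  const engines = q.has("filter[engines]") ? q.get("filter[engines]").split(",") : null;
  const desc = (q.get("filter[description]") || "").toLowerCase();
  const term = (q.get("filter[searchTerm]") || "").toLowerCase();
  const hits = SAMPLE_RULES.filter((r) =>
    r.organizationIds.includes(orgId) &&
    (engines === null || engines.includes(r.engine)) &&
    r.description.toLowerCase().includes(desc) &&
    (r.name.toLowerCase().includes(term) || r.description.toLowerCase().includes(term)));
  const start = (pageNumber - 1) * pageSize;
  return hits.slice(start, start + pageSize);
}

// Usage: every YARA rule visible to all organizations, fetched one per page
// (three requests: two full pages, then an empty one that ends the loop).
const yaraGlobal = getAllTriageRules({ engines: ["YARA"], organizationId: 0, pageSize: 1 }, fakeFetchPage);
console.log(yaraGlobal.map((r) => r._id)); // prints [ 'r1', 'r5' ]
```

Validation happens before any request is sent, so a page number below 1 or an engine outside YARA/Sigma/Osquery fails fast in the caller instead of producing an API error or a silently empty result. Swapping `fakeFetchPage` for a function that sends the authenticated request is the only change needed to run this against a real AIR instance.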
Troubleshooting
Common Issues:
- Invalid organization ID or name may cause no results or errors. Ensure the organization identifier is correct.
- Using unsupported engine types in filters will result in empty results.
- Pagination parameters out of range (e.g., page number less than 1) may cause errors.
Error Messages:
- "Unknown resource": This error occurs if the resource parameter is not set to "triagerules". Verify the resource selection.
- API authentication errors indicate missing or invalid API credentials. Check that the API key credential is correctly configured.
- Network or connectivity issues with the Binalyze AIR API will cause request failures; verify network access and endpoint availability.