binalyze
Bridges to the Binalyze AIR digital forensics platform, enabling security teams to query endpoint data, monitor status, and manage investigations through a secure API connection.
List all cases in the system
List all tasks in the system
List all users in the system
Create a new case in the system
List all assets in the system
Update an existing case by ID
Call a webhook with the specified parameters
Export cases data from the system
Post data to a webhook
Create a new policy with specific storage and compression settings
List all policies in the system
Start the auto asset tagging process for assets matching filter criteria
Update an existing policy with specific storage and filter settings
Get detailed information about a specific case by its ID
Get all users associated with a specific case by its ID
Get detailed information about a specific task by its ID
Get detailed information about a specific user by their ID
Check if a case name is already in use
Get detailed information about a specific asset by its ID
List audit logs from the AIR system
Open a previously closed case by its ID
Assign a baseline acquisition task to specific endpoints
Add a note to a specific case by its ID
Close a case by its ID
Compare baseline acquisition tasks for a specific endpoint
Get detailed information about a specific policy by its ID
List all triage rule tags in the system
Uninstall specific assets based on filters without purging data. Requires specifying `filter.includedEndpointIds`.
Cancel a specific task by its ID
Change the owner of a case
Create a new triage rule tag
Delete an evidence repository by its ID
Delete a specific task by its ID
Download a PPC file for a specific endpoint and task
Initiate an export of audit logs from the AIR system
Export notes for a specific case by its ID
List all evidence repositories in the system
List all triage rules in the system
Add tags to specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
Archive a case by its ID
Assign a reboot task to specific endpoints
Assign a triage task to endpoints based on filter criteria
Create a new triage rule
Delete an existing triage rule by ID
Get all endpoints associated with a specific case by its ID
List all organizations in the system
Update an existing triage rule by ID
Create a new organization
Delete an organization by its ID
Delete a specific policy by its ID
Get activity history for a specific case by its ID
Update an existing note in a specific case
Assign a shutdown task to specific endpoints
Download a task report for a specific endpoint and task
Get all tasks associated with a specific case by its ID
Get information about a PPC file for a specific endpoint and task
Get detailed information about a specific evidence repository by its ID
Get all assignments for a specific task by its ID
List all auto asset tag rules in the system
List all drone analyzers in the system
Validate a triage rule's syntax without creating it
Assign an isolation task to specific endpoints
Create a new rule to automatically tag assets based on specified conditions for Linux, Windows, and macOS
Create a new SMB evidence repository
Delete a note from a case by its ID
Export endpoints for a specific case by its ID
Get all tasks associated with a specific asset by its ID
Get comparison result report for a specific endpoint and task
Get a specific triage rule by its ID
Update an existing auto asset tag rule
Update the system banner message settings
Update an existing SMB repository by ID
Cancel a task assignment by its ID
Create a new FTPS evidence repository
Create a new SFTP evidence repository
Delete a specific task assignment by its ID
Export activities for a specific case by its ID
Get detailed information about a specific organization by its ID
Get users for a specific organization by its ID
Get statistics on how many endpoints match each policy based on filter criteria
Update an existing FTPS evidence repository
Update an existing SFTP repository
Assign an evidence acquisition task to specific endpoints
Remove tags from specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
Add tags to an organization
Get details of a specific auto asset tag rule by its ID
Update the priority order of policies
Validate FTPS repository configuration without creating it
Assign a log retrieval task to specific endpoints
List all acquisition profiles in the system
List all e-discovery patterns for file type detection
Update an existing organization by ID
Assign a version update task to specific endpoints
Create a new acquisition profile
Get all assignments associated with a specific task by its ID
List all acquisition artifacts available for evidence collection
Purge data and uninstall specific assets based on filters. Requires specifying `filter.includedEndpointIds`.
Remove endpoints from a case based on specified filters
Create a new Amazon S3 repository for evidence storage
Delete a specific auto asset tag rule by its ID
Update an existing Amazon S3 repository
Assign users to a specific organization
Assign a disk image acquisition task to specific endpoints and volumes
Delete specific tags from an organization
Get details of a specific acquisition profile by its ID
Get shareable deployment information using a deployment token
Remove a user from an organization
Validate Amazon S3 repository configuration
Check if an organization name already exists in the system
Create a new Azure Storage repository
Import task assignments to a specific case
Update an existing Azure Storage repository
Remove a specific task assignment from a case
Validate an Azure Storage repository configuration
Update the deployment token for a specific organization
Update an organization's shareable deployment settings
Connect to MCP Server
Required environment variables:
AIR_HOST
AIR_API_TOKEN