explainx.aijoin newsletter3.01k
auth-securityanalytics-data

Binalyze AIR

by binalyze

Connect to Binalyze AIR for fast digital forensics. Query endpoint data, monitor status, and manage investigations via s

Bridges to the Binalyze AIR digital forensics platform, enabling security teams to query endpoint data, monitor status, and manage investigations through a secure API connection.

github stars

7

GitHubnpm
Natural language forensics queriesBaseline comparison for change detectionComplete investigation workflow support

best for

  • / Security teams conducting digital forensics investigations
  • / Incident response analysts collecting endpoint evidence
  • / IT security monitoring endpoint changes over time

capabilities

  • / Query endpoint asset details and status
  • / Assign evidence acquisition tasks to endpoints
  • / Create and manage acquisition profiles
  • / Compare baseline data to detect changes
  • / Generate forensic comparison reports
  • / Monitor investigation task progress

what it does

Connects to Binalyze AIR digital forensics platform to manage security investigations, acquire evidence from endpoints, and monitor forensic tasks through natural language commands.

about

Binalyze AIR is an official MCP server published by binalyze that provides AI assistants with tools and capabilities via the Model Context Protocol. Connect to Binalyze AIR for fast digital forensics. Query endpoint data, monitor status, and manage investigations via s It is categorized under auth security, analytics data.

how to install

You can install Binalyze AIR in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

license

MIT

Binalyze AIR is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

readme

Binalyze AIR MCP Server

smithery badge Node.js MCP License: MIT

<a href="https://glama.ai/mcp/servers/@binalyze/air-mcp"> <img width="380" height="200" src="https://glama.ai/mcp/servers/@binalyze/air-mcp/badge" alt="Binalyze AIR Server MCP server" /> </a> <p align="center"> <img src="./src/assets/bi-logo.png" alt="AIR Logo" width="180"/> </p>

A Node.js server implementing Model Context Protocol (MCP) for Binalyze AIR, enabling natural language interaction with AIR's digital forensics and incident response capabilities.

✨ Features

  • Asset Management - List assets in your organization.
  • Asset Details - Get detailed information about a specific asset by its ID.
  • Asset Tasks - Get all tasks associated with a specific asset by its ID.
  • Acquisition Profiles - List acquisition profiles.
  • Acquisition Tasks - Assign evidence acquisition tasks to endpoints.
  • Image Acquisition Tasks - Assign disk image acquisition tasks to endpoints.
  • Baseline Acquisition - Acquire baseline data from specific endpoints to establish a reference point.
  • Compare Baseline - Compare multiple baseline acquisition tasks for a specific endpoint to identify changes.
  • Get Comparison Report - Retrieve comparison result report for a specific endpoint and task.
  • Create Acquisition Profiles - Create new acquisition profiles with specific evidence/artifact/network settings.
  • Acquisition Artifacts - List available artifacts for evidence collection.
  • Acquisition Evidences - List available evidence items for forensic data collection.
  • Reboot Tasks - Assign reboot tasks to specific endpoints.
  • Shutdown Tasks - Assign shutdown tasks to specific endpoints.
  • Isolation Tasks - Isolate or unisolate specific endpoints.
  • Log Retrieval Tasks - Retrieve logs from specific endpoints.
  • Version Update Tasks - Assign version update tasks to specific endpoints.
  • Organization Management - List organizations.
  • Case Management - List cases in your organization.
  • Policy Management - See security policies across your organization.
  • Task Management - Track forensic collection tasks and their statuses.
  • Triage Rules - View YARA, Osquery and Sigma rules for threat detection.
  • User Management - List users in your organization.
  • User Details - Get detailed information about a specific user by their ID.
  • Drone Analyzers - View available drone analyzers with supported operating systems.
  • Audit Log Export - Initiate an export of audit logs.
  • List Audit Logs - View audit logs from the system.
  • Uninstall Assets - Uninstall specific assets based on filters without purging data.
  • Purge and Uninstall Assets - Purge data and uninstall specific assets based on filters.
  • Add Tags to Assets - Add tags to specific assets based on filters.
  • Remove Tags from Assets - Remove tags from specific assets based on filters.
  • Auto Asset Tagging - Create and update rules to automatically tag assets based on specific conditions.
  • List Auto Asset Tags - List all existing auto asset tag rules.
  • Get Auto Asset Tag Details - Get detailed information about a specific auto asset tag rule by its ID.
  • Delete Auto Asset Tag - Delete a specific auto asset tag rule by its ID.
  • Start Auto Tagging - Initiate the auto tagging process for assets that match specific filter criteria.
  • E-Discovery Patterns - List available e-discovery patterns for detecting different file types.
  • Policy Management - List, create, update, and delete policies in your organization.
  • Policy Match Statistics - See which policies apply to your assets based on various criteria.
  • Task Assignment Management - View and manage task assignments.
  • Triage Rules Management - List, create, update, and delete triage rules for threat detection.
  • Triage Tags Management - List and create triage tags for threat detection.
  • Validate Triage Rule - Validate a triage rule syntax without creating it.
  • Assign Triage Task - Assign a triage task to endpoints based on filter criteria.
  • Add Note to Case - Add a note to a specific case by its ID.
  • Update Note in Case - Update an existing note in a specific case.
  • Delete Note from Case - Delete a note from a case by its ID.
  • Export Cases - Export cases data from the system.
  • Export Case Notes - Export notes for a specific case by its ID.
  • Export Case Endpoints - Export endpoints for a specific case by its ID.
  • Export Case Activities - Export activities for a specific case by its ID.
  • Create Case - Create a new case in the system.
  • Update Case - Update an existing case by ID.
  • Get Case by ID - Get detailed information about a specific case by its ID.
  • Close Case by ID - Close a specific case by its ID.
  • Open Case by ID - Open a specific case by its ID.
  • Archive Case by ID - Archive a specific case by its ID.
  • Check Case Name - Check if a case name is already in use.
  • Get Case Activities - Get activity history for a specific case by its ID.
  • Get Case Endpoints - Get all endpoints associated with a specific case by its ID.
  • Get Case Tasks by ID - Get all tasks associated with a specific case by its ID.
  • Get Case Users - Get all users associated with a specific case by its ID.
  • Remove Endpoints from Case - Remove endpoints from a case based on specified filters.
  • Remove Task Assignment from Case - Remove a specific task assignment from a case.
  • Import Task Assignments to Case - Import task assignments to a specific case.
  • List Repositories - List all evidence repositories in the organization.
  • Create SMB Repository - Create a new SMB evidence repository.
  • Update SMB Repository - Update an existing SMB evidence repository.
  • Create SFTP Repository - Create a new SFTP evidence repository.
  • Update SFTP Repository - Update an existing SFTP evidence repository.
  • Create FTPS Repository - Create a new FTPS evidence repository.
  • Update FTPS Repository - Update an existing FTPS evidence repository.
  • Validate FTPS Repository - Validate FTPS repository configuration without creating it.
  • Create Azure Storage Repository - Create a new Azure Storage evidence repository.
  • Update Azure Storage Repository - Update an existing Azure Storage evidence repository.
  • Validate Azure Storage Repository - Validate Azure Storage repository configuration without creating it.
  • Create Amazon S3 Repository - Create a new Amazon S3 evidence repository.
  • Update Amazon S3 Repository - Update an existing Amazon S3 evidence repository.
  • Validate Amazon S3 Repository - Validate Amazon S3 repository configuration without creating it.
  • Get Repository by ID - Get detailed information about a specific evidence repository by its ID.
  • Delete Repository - Delete an evidence repository by its ID.
  • Download Case PPC - Download a PPC file for a specific endpoint and task.
  • Download Task Report - Download a task report for a specific endpoint and task.
  • Get Report File Info - Get information about a PPC file for a specific endpoint and task.
  • Get Organization Users - Get users for a specific organization by its ID.
  • Assign Users to Organization - Assign users to a specific organization.
  • Remove User from Organization - Remove a user from a specific organization.
  • Create Organization - Create a new organization.
  • Update Organization - Update an existing organization.
  • Get Organization by ID - Get detailed information about a specific organization by its ID.
  • Check Organization Name Exists - Check if an organization name already exists in the system.
  • Get Shareable Deployment Info - Get information about a shareable deployment using a deployment token.
  • Update Organization Shareable Deployment - Update an organization's shareable deployment settings.
  • Update Organization Deployment Token - Update the deployment token for a specific organization.
  • Delete Organization - Delete an organization by its ID.
  • Add Tags to Organization - Add tags to an organization.
  • Delete Tags from Organization - Delete tags from an organization.
  • Call Webhook - Call a webhook with the specified parameters.
  • Post Webhook - Post data to a webhook.
  • Get Task Assignments - Get all assignments for a specific task by its ID.
  • Update Banner Message - Update the system banner message settings.

Overview

This MCP server creates a bridge between Large Language Models (LLMs) and Binalyze AIR, allowing interaction through natural language. Retrieve information about your digital forensics environment without writing code or learning complex APIs.

🔑 API Token Requirement

Important: An API token is required for authentication. Set it using the AIR_API_TOKEN environment variable.

📦 Installation

Local Development

# Clone the repository
git clone https://github.com/binalyze/air-mcp

# Change to the project directory
cd air-mcp

# Install dependencies
npm install

# Build the project
npm run build

Usage with Claude Desktop

Add the following configuration to your Claude Desktop config file:

{
  "mcpServers": {
    "air-mcp": {
      "command": "npx",
      "args": ["-y", "@binalyze/air-mcp"],
      "env": {
        "AIR_HOST": "your-api-host.com",
        "AIR_API_TOKEN": "your-api-token"
      }
    }
  }
}

Usage with Cursor

  1. Navigate to Cursor Settings > MCP
  2. Add new MCP server wi