Skip to main content

Binalyze AIR

Collect over 150 different types of evidence under 10 minutes.

What is Binalyze AIR?

AIR is an "Automated Incident Response" platform that provides the complete feature set for:

  • Remotely collecting 150+ evidence types in minutes,
  • Capturing the "Forensic State" of an endpoint as a well-organized HTML/JSON report,
  • Performing triage on thousands of endpoints using YARA,
  • Integrating with SIEM/SOAR/EDR products for automating the response phase IR,
  • Enriching alerts for eliminating false positives,
  • Investigating pre-cursors generated by other security products.

What does this pack do?

You can use two features of Binalyze AIR within CORTEX XSoar:

1. Acquisition

One of the core features of AIR is collecting evidence remotely. This feature is made possible by "Acquisition Profiles," a group of different evidence categories. With this integration, you can use following profiles:

  • Full,
  • Quick,
  • Memory (RAM + PageFile),
  • Event Logs,
  • Browsing History,
  • Compromise Assesment.

2. Isolation

Endpoint isolation works by terminating all connections of an endpoint and not allowing any new connections.

  • When an endpoint is isolated, you can still perform tasks such as Acquisition.

For more information, please refer to Knowledge Base

PUBLISHER

Binalyze Integration Team

INFO

CertificationRead more
Supported ByPartner
CreatedAugust 1, 2022
Last ReleaseAugust 1, 2022
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.