Skip to the main content.

1 min read

Binalyze AIR Product Release v2.2.1

Featured Image

Welcome to the AIR Release Notes blog post series.

New features

  • Export key data to CSV

  • Out-of-the-box support for Elasticsearch Logstash Kibana (ELK) and Sumo Logic SIEM

  •  Trigger an AIR acquisition from Slack and Mattermost

Export key data to CSV

With the latest version of Binalyze AIR, you can export endpoints, case information, timelines, and audit logs to CSV.

How does it work? 

Click on the new export button and AIR will collect the data and start the download.

You can apply filters to export selected data. 

Exporting makes it easier to integrate AIR into your existing investigative workflows, reporting, and audit processes. 



Elastic Stack (ELK) and Sumo Logic 

Having Binalyze AIR integrated into your SIEM allows you to react in real-time by starting a forensic acquisition on the endpoint whenever there is a suspicious activity detected by the SIEM. By creating a simple rule, AIR acquires evidence and stores it in the chosen evidence repositories.

With this release, we incorporated Elastic Stack (ELK) and Sumo Logic integration out-of-box to make daily DFIR duties more manageable and efficient.


To learn more about AIR webhooks check this on this link.

Slack and Mattermost

You can now trigger an AIR acquisition directly from your favorite team collaboration app without having to go to the AIR console. AIR will automatically start the acquisition and once completed you can find the acquisition report in the AIR console.

Other improvements and fixes


  • Improved task queues

  • Improved triage performance

  • Improved handling of cancel tasks

  • Improved connection timeouts

  • Improved log rotation

  • Improved log format

  • Improved logging

  • Improved Triage case report

  • Updated the application icon for the Windows agent

  • Added timeout for evidence repositories on agent

  • Upgraded Yara to 4.1

  • Added Yara external variables and removed yara+ modules (file, process)

  • Enriched triage case report for file matches for Linux


  • Added retry for agent HTTP requests

  • Added retry for failed case file uploads

  • Introduced Linux system service restart on failure

  • Fixed compression progress reporting

  • Fixed HTTP response close

  • Fixed a race condition for HTTP transport

  • Fixed progress reporting

  • Fixed self match possibility of custom content collection for Linux

  • Fixed misc. minor bugs

  • Fixed timeline sort issue

  • Fixed viewing case.ppc issue on failed tasks

If there is any feature you would like to see in Binalyze AIR, please share it with us here.