Welcome to the AIR Release Notes blog post series.
Export key data to CSV
Out-of-the-box support for Elasticsearch Logstash Kibana (ELK) and Sumo Logic SIEM
Trigger an AIR acquisition from Slack and Mattermost
Export key data to CSV
With the latest version of Binalyze AIR, you can export endpoints, case information, timelines, and audit logs to CSV.
How does it work?
Click on the new export button and AIR will collect the data and start the download.
You can apply filters to export selected data.
Exporting makes it easier to integrate AIR into your existing investigative workflows, reporting, and audit processes.
Elastic Stack (ELK) and Sumo Logic
Having Binalyze AIR integrated into your SIEM allows you to react in real-time by starting a forensic acquisition on the endpoint whenever there is a suspicious activity detected by the SIEM. By creating a simple rule, AIR acquires evidence and stores it in the chosen evidence repositories.
With this release, we incorporated Elastic Stack (ELK) and Sumo Logic integration out-of-box to make daily DFIR duties more manageable and efficient.
You can now trigger an AIR acquisition directly from your favorite team collaboration app without having to go to the AIR console. AIR will automatically start the acquisition and once completed you can find the acquisition report in the AIR console.
Other improvements and fixes
Improved task queues
Improved triage performance
Improved handling of cancel tasks
Improved connection timeouts
Improved log rotation
Improved log format
Improved Triage case report
Updated the application icon for the Windows agent
Added timeout for evidence repositories on agent
Upgraded Yara to 4.1
Added Yara external variables and removed yara+ modules (file, process)
Enriched triage case report for file matches for Linux
Added retry for agent HTTP requests
Added retry for failed case file uploads
Introduced Linux system service restart on failure
Fixed compression progress reporting
Fixed HTTP response close
Fixed a race condition for HTTP transport
Fixed progress reporting
Fixed self match possibility of custom content collection for Linux
Fixed misc. minor bugs
Fixed timeline sort issue
Fixed viewing case.ppc issue on failed tasks
If there is any feature you would like to see in Binalyze AIR, please share it with us here.