Welcome to the AIR Release Notes blog post series.
interACT - A cross-platform remote shell session capability that allows users to run commands on remote endpoints for triage, mitigation, and remediation in situations such as cyber incident response activities.
With the latest version of Binalyze AIR, you can run commands in a full, privacy-oriented, remote shell.
The interACT feature is available across all platforms and makes it possible for your security team to collect information and take action on remote endpoints in real time. These actions include commands to facilitate triage, mitigation, and remediation.
Besides remotely accessing endpoints in real time, you can also assign user privileges for the interACT feature at a granular level and in this way keep the security controls tight. The Enumerate, Read Content and Write and Execute privileges define which commands a user has access to.
How does it work?
Starting interACT on an endpoint will open a cross-platform, remote command shell where you can use the listed set of commands as seen below:
Upload files to your library to deploy them via the interACT shell.
Where is the output?
Every command from the shell is recorded to the Audit Log and a live report is generated for each session.
Collected files can be saved to the evidence repository or downloaded directly via the browser.
How to enable interACT in Binalyze AIR?
In order to use this feature, you will first need to enable interACT in settings. The feature is turned off by default for security reasons and you must enable 2FA and SSL in order to turn it on.
Other improvements and fixes
Fixed incorrect tag-endpoint count
Fixed scheduled instant execution
Fixed invalid SFTP port
Fixed returning wrong HTTP status code for invalid evidence repository ID
Fixed organization search criteria
Fixed wrong date range issue on timeline export
Fixed multiple role assignment issue on UI
Fixed showing "Reset filter" button in the timeline
Fixed organizations tag gaps on the UI
Fixed privilege hierarchy issue between organization and global admin roles
Fixed not showing 404 page for case section
Fixed webhook URLs display issue in some cases
Fixed duplicated start date field in scheduled task detail
Fixed no link issue on "see details" text on Settings > Connection page
Fixed broken KB links for Webhooks and SSO
If there is any feature you would like to see in Binalyze AIR, please share it with us here.