Tom Blumenthal
Binalyze AIR Product Release v2.4.0
Welcome to the AIR Release Notes blog post series.
Welcome to the AIR Release Notes blog post series.
New features
-
interACT - A cross-platform remote shell session capability that allows the users to run commands on remote endpoints for triage, mitigation, and remediation purposes in situations such as cyber incident response activities.
interACT
With the latest version of Binalyze AIR, you can run commands in a full, privacy-oriented, remote shell.
The interACT feature is available across all platforms and it makes it possible for your security team to collect information and take action on remote endpoints in real-time. These actions include commands to facilitate the triage, mitigation, and remediation.
Besides having the capability to remotely access endpoints in real-time you can also assign user privileges on a granular level for the interACT feature and in this way keep the security controls tight. The Enumerate, Read Content and Write and Execute privileges define which commands a user has access to.
See below:
.png?width=332&name=MicrosoftTeams-image%20(90).png)
How does it work?
Starting interACT on an endpoint will open a cross-platform, remote command shell where you can use the listed set of commands as seen below:
.png?width=1339&name=MicrosoftTeams-image%20(88).png)
Upload files to your library to deploy them via the interACT shell.
Where is the output?
Every command from the shell is recorded to the Audit Log and a live report is generated for each session.
.png?width=1920&name=MicrosoftTeams-image%20(91).png)
Collected files can be saved to the evidence repository or downloaded directly via the browser.
How to enable interACT in Binalyze AIR?
In order to use this feature, you will first need to enable interACT in settings. The feature is turned off by default for security reasons and you must enable 2FA and SSL in order to turn it on.
.png?width=1949&name=MicrosoftTeams-image%20(89).png)
Other improvements and fixes
Improvements
-
Improved windows agent installation
-
Improved endpoint tag assignment
Increased timeout duration for Azure Blob Storage
Fixes
-
Fixed incorrect tag-endpoint count
-
Fixed scheduled instant execution
-
Fixed invalid SFTP port
-
Fixed returning wrong http status code for invalid evidence repository Id
-
Fixed organization search criteria
-
Fixed timeline wrong date range issue on export
-
Fixed multiple role assignment issue on UI
-
Fixed showing "Reset filter" button in the timeline
-
Fixed organizations tag gaps on the UI
-
Fixed privilege hierarchy issue between organization and global admin roles
-
Fixed not showing 404 page for case section
-
Fixed webhook URLs display issue in some cases
-
Fixed duplicated start date field in scheduled task detail
-
Fixed no link issue on "see details" text on Settings > Connection page
-
Fixed broken KB links for Webhooks and SSO
If there is any feature you would like to see in Binalyze AIR, please share it with us here.