
Binalyze AIR Product Release v2.3.5


Welcome to the AIR Release Notes blog post series.

New features

  • Sigma rule triage for Windows

  • Autocomplete functionality in interACT

  • ServiceNow is available out-of-the-box in the Webhooks section

Sigma rules

With the latest version of Binalyze AIR, you can run custom Sigma rules on Windows machines to scan event records.


You can either upload a Sigma rule or create your own using the Sigma editor in the AIR console which includes rule validation capability.
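To make concrete what Sigma rule triage of Windows event records and rule validation involve, here is an added example that is not Binalyze's code and says nothing about how AIR's own engine is implemented. It validates a hypothetical Sigma rule (required keys, a defined condition, known field modifiers) and then evaluates it against a few constructed System log records. The rule is held as a Python dict mirroring the YAML shown in the comment so the example runs without a YAML library; only field selections with the contains/startswith/endswith modifiers and conditions of the form "a and not b" are supported.

```python
"""Minimal Sigma rule validator and matcher (illustrative, not AIR's engine)."""
from typing import Any, NamedTuple

# The hypothetical rule below, as it would be written in Sigma YAML:
#
# title: Service Installed from a Temp Directory
# logsource:
#   product: windows
#   service: system
# detection:
#   selection:
#     EventID: 7045
#     ImagePath|contains: '\Temp\'
#   filter:
#     ServiceName|startswith: 'Approved'
#   condition: selection and not filter
# level: medium
RULE: dict[str, Any] = {
    "title": "Service Installed from a Temp Directory",
    "logsource": {"product": "windows", "service": "system"},
    "detection": {
        "selection": {"EventID": 7045, "ImagePath|contains": "\\Temp\\"},
        "filter": {"ServiceName|startswith": "Approved"},
        "condition": "selection and not filter",
    },
    "level": "medium",
}

# Constructed System log records (not real data) in the flattened form a
# collector would hand to a rule engine.
EVENTS: list[dict[str, Any]] = [
    {"EventID": 7045, "ServiceName": "UpdaterSvc", "ImagePath": "C:\\Windows\\Temp\\upd.exe"},
    {"EventID": 7045, "ServiceName": "ApprovedDeploy", "ImagePath": "C:\\Users\\Public\\Temp\\agent.exe"},
    {"EventID": 7045, "ServiceName": "Spooler", "ImagePath": "C:\\Windows\\System32\\spoolsv.exe"},
    {"EventID": 4624, "ServiceName": "", "ImagePath": ""},
]

REQUIRED_KEYS = ("title", "logsource", "detection")
MODIFIERS = {"contains", "startswith", "endswith"}


class Term(NamedTuple):
    name: str       # search identifier referenced by the condition
    negated: bool   # True when written as "not <name>"


def parse_condition(condition: str) -> list[Term]:
    """Parse 'a and b and not c' into a list of Terms; anything else is rejected."""
    terms = []
    for raw in condition.split(" and "):
        words = raw.strip().split()
        if len(words) == 2 and words[0] == "not":
            terms.append(Term(words[1], True))
        elif len(words) == 1:
            terms.append(Term(words[0], False))
        else:
            raise ValueError(f"unsupported condition fragment: {raw!r}")
    return terms


def validate_rule(rule: dict) -> list[str]:
    """Return validation errors; an empty list means the rule is accepted."""
    errors = [f"missing required key: {k}" for k in REQUIRED_KEYS if k not in rule]
    detection = rule.get("detection", {})
    if "condition" not in detection:
        errors.append("detection.condition is required")
        return errors
    for term in parse_condition(detection["condition"]):
        if term.name not in detection:
            errors.append(f"condition references undefined search identifier: {term.name}")
    for name, selection in detection.items():
        if name == "condition":
            continue
        for key in selection:
            field, _, modifier = key.partition("|")
            if modifier and modifier not in MODIFIERS:
                errors.append(f"unknown modifier '{modifier}' in field '{key}'")
    return errors


def field_matches(key: str, expected: Any, event: dict) -> bool:
    """Sigma string matching is case-insensitive; compare everything as lowercase text."""
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    actual, wanted = str(event[field]).lower(), str(expected).lower()
    if modifier == "":
        return actual == wanted
    if modifier == "contains":
        return wanted in actual
    if modifier == "startswith":
        return actual.startswith(wanted)
    return actual.endswith(wanted)  # validate_rule() already rejected other modifiers


def rule_matches(rule: dict, event: dict) -> bool:
    """All fields of a selection map must match (AND); negated terms must not match."""
    detection = rule["detection"]
    return all(
        all(field_matches(k, v, event) for k, v in detection[t.name].items()) != t.negated
        for t in parse_condition(detection["condition"])
    )


def triage(rule: dict, events: list[dict]) -> list[dict]:
    """Validate the rule first, then return the event records it matches."""
    errors = validate_rule(rule)
    if errors:
        raise ValueError("invalid rule: " + "; ".join(errors))
    return [e for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    for hit in triage(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {hit}")
```

Running it flags only the UpdaterSvc record: the ApprovedDeploy service also runs from a Temp path but is excluded by the filter selection, which is the usual way a rule author keeps known-good activity from generating noise. Validating before matching matters because a condition that names a selection the rule never defines would otherwise fail silently or raise mid-scan.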


Autocomplete functionality in interACT

You can now use the 'Tab' key on your keyboard to autocomplete your interACT commands. This makes typing commands in the interACT cross-platform remote shell a lot quicker and hassle-free.

ServiceNow is available out-of-the-box

One of the big milestones on the journey towards an automated incident response environment is integrating your organization's Security Information and Event Management (SIEM) system with proactive digital forensic solutions. With each release, AIR's out-of-the-box integrations section expands, and this version introduces ServiceNow integration out of the box to make daily DFIR duties more manageable and efficient.


Other improvements and fixes

Improvements

  • Added a new privilege that allows changing endpoint labels

  • Added auto asset tag rules for Docker and Kubernetes

  • Added version information to settings

  • Added ability to handle Unicode file paths in YARA scanner

  • Added ability to specify a temporary staging directory for acquisition tasks that use an evidence repository

  • Improved evidence collection on low capacity endpoints by letting AIR automatically select the volume with the greatest available free space (credits: Babak M.)

  • Improved evidence repository background upload mechanism with persistent retries

  • Improved case export functionality


Fixes

  • Fixed minor memory leak of canceled tasks

  • Fixed minor logging issues

  • Fixed interACT exec command stdin issues on Windows

  • Fixed a bug related to listing unsupported drone analyzers

  • Fixed case filter issue

  • Fixed missing policies in the policy list on task creation

  • Fixed case-sensitive username issues

  • Fixed case day counter

  • Fixed minor bugs on the report

  • Fixed other minor bugs


If there is any feature you would like to see in Binalyze AIR, please share it with us here.