Welcome to the AIR Release Notes blog post series.
New features
- Sigma rule triage for Windows
- Autocomplete functionality in interACT
- ServiceNow is available out-of-the-box in the Webhooks section
Sigma rules
With the latest version of Binalyze AIR, you can run custom Sigma rules on Windows machines to scan event records.
You can either upload a Sigma rule or create your own using the Sigma editor in the AIR console which includes rule validation capability.
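To make concrete what a Sigma triage pass does, here is an added, self-contained illustration (not Binalyze's engine or any part of AIR): a toy evaluator that validates a Sigma rule's structure, then runs it over a handful of constructed Windows process-creation records. The rule is a constructed example shown in its parsed form (the dict that `yaml.safe_load` would return for the equivalent YAML); the `vendor-agent.exe` exclusion and all event values are hypothetical. The evaluator covers the common `selection and not filter` shape with `contains`/`startswith`/`endswith` modifiers; it does not implement the full Sigma condition grammar (`1 of them`, wildcards, parentheses).

```python
"""Toy Sigma-style rule validator and matcher (added illustration only).

Sigma rules are YAML with a `detection` block: one or more named
selections plus a `condition` that combines them.  This evaluator
supports the `and` / `or` / `not` keywords (precedence: not > and > or,
no parentheses) and the exact, contains, startswith, endswith modifiers.
"""
import re

KEYWORDS = {"and", "or", "not"}

# Constructed rule: what yaml.safe_load would return for the equivalent YAML.
RULE = {
    "title": "PowerShell launched with an encoded command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        # Hypothetical exclusion for a known internal agent (constructed).
        "filter": {"ParentImage|endswith": "\\vendor-agent.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed sample event records with Sysmon-style field names.
EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -enc <base64-placeholder>",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand <base64-placeholder>",
     "ParentImage": r"C:\Program Files\Vendor\vendor-agent.exe"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
]

# Modifier name -> predicate(event_value, pattern); Sigma string matching is
# case-insensitive by default.
MODIFIERS = {
    "": lambda v, p: v.lower() == p.lower(),
    "contains": lambda v, p: p.lower() in v.lower(),
    "startswith": lambda v, p: v.lower().startswith(p.lower()),
    "endswith": lambda v, p: v.lower().endswith(p.lower()),
}


def validate_rule(rule):
    """Return a list of structural errors (empty list means the rule is usable)."""
    errors = []
    for key in ("title", "logsource", "detection"):
        if key not in rule:
            errors.append(f"missing top-level key: {key}")
    det = rule.get("detection", {})
    cond = det.get("condition")
    if not cond:
        errors.append("detection.condition is required")
        return errors
    for name in set(re.findall(r"[A-Za-z_]\w*", cond)) - KEYWORDS:
        if name not in det:
            errors.append(f"condition references undefined search identifier: {name}")
    return errors


def _field_matches(event, key, pattern):
    """Evaluate one 'Field|modifier: value-or-list' entry against an event."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False  # a field absent from the record never matches
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported modifier: {modifier}")
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(MODIFIERS[modifier](str(value), str(p)) for p in patterns)


def _selection_matches(event, selection):
    """A map is AND over its fields; a list of maps is OR over the maps."""
    if isinstance(selection, list):
        return any(_selection_matches(event, s) for s in selection)
    return all(_field_matches(event, k, v) for k, v in selection.items())


def _eval_condition(tokens, truth):
    """Recursive-descent evaluation of 'a and not b or c' over truth values."""
    def parse_or(pos):
        left, pos = parse_and(pos)
        while pos < len(tokens) and tokens[pos] == "or":
            right, pos = parse_and(pos + 1)
            left = left or right
        return left, pos

    def parse_and(pos):
        left, pos = parse_not(pos)
        while pos < len(tokens) and tokens[pos] == "and":
            right, pos = parse_not(pos + 1)
            left = left and right
        return left, pos

    def parse_not(pos):
        if tokens[pos] == "not":
            value, pos = parse_not(pos + 1)
            return (not value), pos
        return truth[tokens[pos]], pos + 1

    value, pos = parse_or(0)
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return value


def evaluate(rule, event):
    """True when the rule's condition holds for a single event record."""
    det = rule["detection"]
    tokens = det["condition"].split()
    truth = {t: _selection_matches(event, det[t]) for t in tokens if t not in KEYWORDS}
    return _eval_condition(tokens, truth)


def triage(rule, events):
    """Return the subset of events the rule flags."""
    return [e for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    print("validation errors:", validate_rule(RULE))
    for hit in triage(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {hit['CommandLine']}")
```

Running it flags only the first record: the second is excluded by the `filter` selection, and the third never satisfies `selection`. Validating before matching matters because a condition that names a selection the rule does not define would otherwise fail at scan time rather than at upload time, which is the kind of check an editor with rule validation saves you from.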
Autocomplete functionality in interACT
You can now use the 'Tab' key on your keyboard to autocomplete your interACT commands. This makes typing commands in the interACT cross-platform remote shell a lot quicker and hassle-free.
ServiceNow is available out-of-the-box
One of the big milestones in the journey towards an automated incident response environment is integrating your organization's Security Information and Event Management (SIEM) system with proactive digital forensic solutions. With each release, AIR's out-of-the-box integrations section is expanding, and this version introduces ServiceNow integration out of the box to make daily DFIR duties more manageable and efficient.
Other improvements and fixes
Improvements
- Added new privilege to allow changing endpoint label
- Added auto asset tag rules for Docker and Kubernetes
- Added version information to settings
- Added ability to handle Unicode file paths in YARA scanner
- Added ability to specify a temporary staging directory for acquisition tasks that use evidence repository
- Improved evidence collection on low capacity endpoints by letting AIR automatically select the volume with the greatest available free space (credits: Babak M.)
- Improved evidence repository background upload mechanism with persistent retries
- Improved case export functionality
Fixes
- Fixed minor memory leak of canceled tasks
- Fixed minor logging issues
- Fixed interACT exec command stdin issues on Windows
- Fixed a bug related to listing unsupported drone analyzers
- Fixed case filter issue
- Fixed missing policies in the policy list on task creation
- Fixed case-sensitive username issues
- Fixed case day counter
- Fixed minor bugs on the report
- Fixed other minor bugs
If there is any feature you would like to see in Binalyze AIR, please share it with us here.