Binalyze AIR Product Release v2.4.0
Welcome to the AIR Release Notes blog post series.
New features
e-Discovery collection in acquisition profiles
Agent Tamper Detection
Agent support for ARM64 Linux is here!
interACT enriched with curl and hex commands
The Binalyze AIR acquisition profile editor got a new look that makes it easier to go step by step and select the evidence you need from each of the different operating systems. There is also a new section with over 1,000 different file extensions for easy collection across the entire system, regardless of OS!
This feature creates an audit log notification when an attempt to tamper with the agent (uninstalling, stopping, or modifying it) is detected. The notification can then be forwarded to your SIEM solution to raise an alert. Head to AIR settings to turn this on.
This was a popular request from a large number of our users and customers so we incorporated the feature into our roadmap right away. With this release, it is officially available.
The AIR agent now supports all previously listed Linux distributions also on the ARM64 architecture (aarch64).
We enhanced the user experience with the DRONE module within AIR so you can easily access the keyword search feature, which lets you find and highlight words and phrases on live machines remotely. Now you can use flexible keywords and wildcards to search for a file, URL, IP address, or anything else, and quickly highlight matches with our anomaly scanning engine to speed up your investigation.
With the addition of the curl command, users can now utilize the full capability of the curl library remotely, on both Windows and Linux systems. This includes the ability to send suspicious files or hash values to third-party service providers like VirusTotal, sandbox solutions, or other intelligence providers. This feature also allows you to download files directly from the internet to the endpoints.
The hex command will print hex values and representation while investigating files remotely in an interACT session.
Improvements
Added IP Address column to Endpoint table
Added silent installation tooltip for SCCM agent deployment
Added endpoint name to audit log filter
Improved zip command in interACT - now zips to a folder
Added new metrics for case report memory section
Fixes
Fixed unquoted service path issue after a config update (CVE-2021-42563)
Fixed minor issues on timeline export
Fixed duplicated user validation issue
Fixed evidence repository name and path validation issue
Fixed system resource usage not updating in interACT session issue
Fixed renaming evidence repository issue
Fixed an issue that allowed task assignment to endpoints with an old agent
Fixed webhook addresses not updated after a change of console address
Fixed SFTP current directory support
Fixed opening report issue in Safari browser
Fixed minor issue on Sigma rule parser
Fixed minor issue on Drone table
Fixed minor UI issues
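The unquoted service path fix above (CVE-2021-42563) is worth verifying after an upgrade. The following is an added example, not Binalyze code: it runs the standard audit logic over constructed Windows service ImagePath values (placeholder paths, not the real AIR install location), flags any unquoted executable path that contains spaces, and produces the correctly quoted value an administrator should expect to see in the service configuration.

```python
import re
from dataclasses import dataclass

# Constructed sample registry ImagePath values. The paths are placeholders,
# not Binalyze's real install locations; they only illustrate the pattern.
SAMPLE_IMAGE_PATHS = {
    "ExampleAgentBad": r"C:\Program Files\Example Vendor\Agent\agent.exe --service",
    "ExampleAgentGood": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --service',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverPath": r"%SystemRoot%\System32\drivers\example.sys",
}

@dataclass
class ServicePathFinding:
    name: str
    image_path: str
    vulnerable: bool
    remediated: str

# The executable part of an unquoted ImagePath ends at the first ".exe"
# that is followed by whitespace or end of string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_unquoted_image_path(image_path: str):
    """Split an unquoted ImagePath into (executable, arguments)."""
    m = _EXE_END.search(image_path)
    if m is None:
        return image_path.strip(), ""
    return image_path[: m.end()], image_path[m.end():]

def is_unquoted_with_spaces(image_path: str) -> bool:
    """True when the executable path is unquoted and contains spaces,
    which makes the service start path ambiguous for the service manager."""
    s = image_path.strip()
    if s.startswith('"'):
        return False  # already quoted, nothing to flag
    exe, _ = split_unquoted_image_path(s)
    return " " in exe

def remediate_image_path(image_path: str) -> str:
    """Return the ImagePath with the executable wrapped in double quotes."""
    s = image_path.strip()
    if not is_unquoted_with_spaces(s):
        return s
    exe, args = split_unquoted_image_path(s)
    return f'"{exe}"{args}'

def audit_service_paths(image_paths):
    """Evaluate every service ImagePath and report findings with a fix."""
    return [ServicePathFinding(n, p, is_unquoted_with_spaces(p), remediate_image_path(p))
            for n, p in image_paths.items()]
```

On a live Windows host the same functions can be fed the ImagePath values read from HKLM\SYSTEM\CurrentControlSet\Services; any finding marked vulnerable after the v2.4.0 update would indicate the fix did not apply.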
If there is any feature you would like to see in Binalyze AIR, please share it with us here.