Binalyze AIR Product Release v2.4.0

Welcome to the AIR Release Notes blog post series.

New features

  • e-Discovery collection in acquisition profiles

  • Agent Tamper Detection

  • Agent support for ARM64 Linux is here!

  • interACT enriched with curl and hex commands

e-Discovery collection in acquisition profiles

The Binalyze AIR acquisition profile editor has a new look that makes it easier to go step by step through selecting the evidence you need from each of the different operating systems. There is also a new section with over 1,000 different file extensions for easy collection across the entire system, regardless of OS!



Tamper detection

This feature creates an audit log notification when an attempt to tamper with the agent by uninstalling, stopping, or changing it is detected. The notification can then be sent to your SIEM solution to create an alert. Head to AIR settings to turn this on.

Agent support for ARM64 Linux

This was a popular request from a large number of our users and customers so we incorporated the feature into our roadmap right away. With this release, it is officially available.

The AIR agent now also supports all previously listed Linux distributions on the ARM64 architecture (aarch64).

DRONE keyword search capability

We enhanced the user experience of the DRONE module within AIR so you can easily access the keyword search feature, which lets you find and highlight words and phrases on live machines remotely. You can now use flexible keywords and wildcards to search for a file, URL, IP address, or anything else, and quickly highlight matches with our anomaly scanning engine to speed up your investigation.

interACT enriched with curl and hex commands

With the addition of the curl command, users can now utilize the full capability of the curl library remotely, on both Windows and Linux systems. This includes the ability to send suspicious files or hash values to third-party service providers like VirusTotal, sandbox solutions, or other intelligence providers. This powerful feature also allows you to download files directly from the internet to the endpoints.

The hex command will print hex values and representation while investigating files remotely in an interACT session.

Other improvements and fixes


  • Added IP Address column to Endpoint table

  • Added silent installation tooltip for SCCM agent deployment

  • Added endpoint name to audit log filter

  • Improved zip command in interACT - Now zips to folder

  • Added new metrics for case report memory section


  • Fixed unquoted service path issue after a config update (CVE-2021-42563)

  • Fixed minor issues on timeline export

  • Fixed duplicated user validation issue

  • Fixed evidence repository name and path validation issue

  • Fixed system resource usage not updating in interACT session issue

  • Fixed renaming evidence repository issue

  • Fixed an issue that allowed task assignment to endpoints with an old agent

  • Fixed webhook addresses not updated after a change of console address

  • Fixed SFTP current directory support

  • Fixed opening report issue in Safari browser

  • Fixed minor issue on Sigma rule parser

  • Fixed minor issue on Drone table

  • Fixed minor UI issues

If there is any feature you would like to see in Binalyze AIR, please share it with us here.