
Binalyze December 2021 Product Updates


Welcome to our monthly product updates roundup! Here’s a rundown of the new features and solutions we released in the past month that you can now take advantage of. 

AIR v2.2.1

In the past month we released a new version of AIR that includes the following new features:

  • Export key data to CSV

  • Out-of-the-box support for the Elasticsearch, Logstash, Kibana (ELK) stack and Sumo Logic SIEM

  • Trigger an AIR acquisition from Slack and Mattermost

You can try it for free now at www.binalyze.com/air.

Export key data to CSV

With the latest version of Binalyze AIR, you can export endpoints, case information, timelines, and audit logs to CSV.

How does it work? 

Click on the new export button and AIR will collect the data and start the download.

You can apply filters to export selected data. Exporting makes it easier to integrate AIR into your existing investigative workflows, reporting, and audit processes. 


Elastic Stack (ELK) and Sumo Logic

Having Binalyze AIR integrated into your SIEM allows you to react in real time by starting a forensic acquisition on the endpoint whenever the SIEM detects suspicious activity. By creating a simple rule, AIR acquires the evidence and stores it in the evidence repositories you have chosen.

With this release, we incorporated Elastic Stack (ELK) and Sumo Logic integration out of the box to make daily DFIR duties more manageable and efficient.

To learn more about AIR webhooks, check this link.

Slack and Mattermost

You can now trigger an AIR acquisition directly from your favorite team collaboration app without having to go to the AIR console. AIR will automatically start the acquisition and once completed you can find the acquisition report in the AIR console. 

DRONE 2.0

In the past month we released a new version of DRONE that includes the following new features:

  • Diffing feature - this brand new mode makes it possible to compare a DRONE analysis to a baseline and list the differences between the two

  • Keyword & Hash Search - import keyword and hash lists from a file to automatically highlight matches in your search

Diffing feature

With the latest version of Binalyze DRONE, you can compare two Case (.ppc) files and highlight the differences between them.

How does it work? 

It compares the base (clean) image with the latest image taken and highlights all the changes for the analyst to review. It is supported in both CLI mode and Tower mode.

To learn more about the diffing feature, go here.

Keyword & Hash Search

Binalyze DRONE already had a keyword search mechanism; with this release we enhanced that module so you can now search for hash matches as well, and import keyword and hash lists from files.

To learn more about DRONE keyword & hash search, check this article.

Which of these new updates and solutions will you be trying today? See you next month for more.