// initialise edge search node
import { Magellan } from '@binalyze/air-sdk'
import { AIR, Evidence } from '@binalyze/core'
const node = new Magellan({
  mode: 'distributed',
  indexing: 'none',
  scope: 'endpoint',
  parallel: true,
})
// run full-text search
const results = await node.search({
  query: 'confidential',
  filetypes: ['pdf', 'docx', 'xlsx'],
  roleValidation: true,
  maxDepth: 8,
})
// filter high-severity matches
const flagged = results.filter(r =>
  r.severity === 'high'
)
console.log(`Found ${results.count} matches`)
console.log(`Flagged ${flagged.length} high severity`)
// export findings to AIR case
await node.exportTo(air, flagged)

// compliance drift check
const schedule = await node.schedule({
  interval: '24h',
  regulation: 'GDPR',
  assets: endpoints.all(),
  notify: true,
})
// detect absence of required data
const gaps = await node.negativeSearch({
  required: ['retention-policy'],
  scope: 'all-endpoints',
  threshold: 0.95,
})
if (gaps.length > 0) {
  air.raiseAlert(gaps)
  air.notifyTeam('compliance')
}
// log schedule status
console.log(`Next run: ${schedule.nextRun}`)
console.log(`Assets monitored: ${schedule.assetCount}`)
// store audit trail
await air.audit.record(schedule)

// insider risk assessment
const risk = await node.assess({
  user: '[email protected]',
  department: 'finance',
  validateRole: true,
  lookback: '30d',
})
// score and triage findings
const scored = risk.findings.map(f => ({
  ...f,
  score: calcRisk(f),
}))
// attach to AIR investigation
await air.attachEvidence({
  caseId: 'IR-2025-0042',
  findings: scored,
  type: 'content-level',
  chain: true,
})
// generate audit report
const report = await air.report({
  caseId: 'IR-2025-0042',
  format: 'pdf',
})
// investigation complete
console.log(`Report: ${report.url}`)

Binalyze AIR · Magellan · eDiscovery

Investigate what's
inside.

Edge-native eDiscovery and full-text search built for the SOC and embedded in Binalyze AIR.

Because SOC investigations need evidence, not metadata.

See Magellan in Action Talk to an Investigator

The Questions Alerts Can't Answer

Security teams are under growing pressure to answer questions that detection tools can't.

What was actually in the file?

Should this data have been here?

Was access appropriate — and compliant?

The Problem

Security teams lack content-level visibility.

Most security investigations stop at metadata. Teams rely on filenames, hashes, permissions, or access logs — but never see what's actually inside files.

Traditional eDiscovery tools are built for legal teams, not incident response. They're centralized, slow, and disconnected from SOC workflows.

Investigations stall Waiting on other teams while attackers move freely

Threats go unnoticed Insider risk and policy violations hidden in plain sight

Compliance is asserted, not proven Regulatory requirements met by assumption, not evidence

Investigations are incomplete When content visibility is missing, the truth remains hidden

See What Detection Tools Can't

Content visibility, built for the SOC.

Magellan brings content visibility directly into SOC investigations. By running full-text search at the endpoint, analysts can inspect what is actually inside files without exporting data or relying on central indexing. The result is faster investigations, clearer evidence, and greater confidence when validating risk.

01 — SEARCH

Endpoint Content Search

Run full-text searches directly where the data lives across endpoints and distributed environments.

02 — VISIBILITY

Content-Level Visibility

Inspect what is actually inside files instead of relying on filenames, metadata, or assumptions.

03 — INTEGRATION

Embedded in AIR Investigations

Magellan operates natively inside Binalyze AIR, extending investigations with content-level evidence.

04 — POLICY

Insider Risk and Compliance Validation

Confirm whether sensitive or regulated data aligns with user roles, policies, and access expectations.

05 — SCALE

Scalable Distributed Search

Search across thousands of endpoints simultaneously to uncover hidden exposure quickly.

06 — COMPLIANCE

Compliance Drift Detection

Run scheduled searches to identify policy violations and data risks before they become incidents.

How It Works

Three steps to investigative clarity.

This approach scales across hybrid environments, without adding operational overhead.

Search at the Edge

Magellan executes full-text search where the data resides — reducing latency and avoiding central processing delays entirely.

Investigative Context Returned

Analysts gain immediate insight into file contents, location, and access — without exporting sensitive data off the endpoint.

Findings Integrate into AIR

Content-level evidence becomes part of the broader investigation workflow, alongside forensic and behavioral data.

Why Magellan

Investigations that matter.

Investigate Insider Risk

Quickly search for sensitive or inappropriate content stored on endpoints without waiting on IT or legal teams. Move at the speed of the investigation.

Prove Compliance with Evidence

Validate data placement and access for DORA, NIS2, and GDPR with auditable, content-level insight. Replace assertions with proof.

Proactive Data Risk Assessment

Identify at-risk content before an alert, breach, or audit forces a reactive response. Control risks before they become incidents.

Accelerate Security Investigations

Answer critical "what was in the file?" questions early — reducing investigation time, uncertainty, and mean time to resolution.

Part of Binalyze AIR

Embedded in the platform you already trust.

Magellan extends automated investigation workflows with content-level visibility, complementing SIEM, EDR, and XDR by answering the questions alerts can't.

Delivering clarity, context, and confidence when it matters most.

SIEM EDR XDR SOAR GDPR NIS2 DORA

Binalyze AIR · Investigation Workflow

SIEM / EDR Alert

TRIGGER

AIR automated triage

Forensic Collection

ARTIFACT

content investigation

Magellan Content Search

NEW ◆

enriched findings

Investigation Report & Evidence

OUTPUT

Investigate what'sinside.