AIR Knowledge Base
binalyze.com
AIR
Home
Overview
What is AIR?
Terminology
Architecture
Overview
AIR Responder Architecture; overview and performance analysis
AIR Task Flow and Management
Network Communication
Cloud Forensics
Overview
GCP Deployment: Technical Details
Setup
Overview
Relay Server
Overview
RelayPro
Proxy configurations (Legacy)
Overview
Adding proxy to Relay Server
Legacy Relay Server (Deprecated)
Responder
Overview
Responder Hardware Requirements
Responder - Supported Operating Systems
Responder for Golden Images
Responder and Active Directory OUs
Responder Exception Rules for EPP and EDR
Overview
AIR Watchdog Folder
FDA via Jamf and Apple's PPPC utility
Responder Tamper Detection
Responder in Windows Safe Mode
Proxy Configurations
Overview
Adding proxy to Responder
Additional Proxy Details
Security
Overview
Two-factor authentication (2FA)
Settings
Overview
Console Settings
Overview
General
Assets
Security
Features
Evidence Repositories
Policies
User Management
Backup
Investigation Hub Disk Usage
Danger Zone
Organization Settings
Account Settings
Submitting Feedback
Updating
Overview
Console Updating - SaaS
Features
Overview
API
Overview
API is likely to be more effective than Webhooks
Asset Isolation
Overview
Maintenance Mode
Acquisition
Overview
Acquisition Profiles
Disk and Volume Imaging
Overview
Imaging with interACT
macOS Disk Imaging
Scheduling Tasks
Task Creation
Overview
Asset Management with Persistent Saved Filters
Regex in DRONE:
Task Cancellation and Deletion
Auto Tagging & Tags
Overview
Tags
Chain Of Custody
Compare
Console Audit Logs
DRONE
Overview
What is DRONE?
Server-side DRONE Analysis
What is an Analysis Pipeline?
Analyzers
MITRE ATT&CK Analyzer changelog
Event Subscription
Evidence Repositories
Overview
Generating a SAS URL
File Explorer
Overview
File Explorer - FAQs
Fleet AI
Full Text Search
Hunt/Triage
Overview
Schedule Hunt/Triage Tasks
Hunt/Triage Rule Templates
Overview
Sigma Templates
YARA Templates
osquery Templates
Integrations
Overview
Microsoft Azure Cloud Platform Integration
SSO Integrations
Webhooks
Overview
Carbon Black Cloud Integration
Cisco XDR Integration
Cortex XSOAR Integration
Crowdstrike Integration
Dynatrace Integration
Elasticsearch Logstash Kibana Integration
Fortigate SIEM Integration
IBM QRadar Integration
LogicHub SOAR (DEVO) Integration
Mattermost Integration
Microsoft 365 Defender Integration
Microsoft Sentinel Integration
Rapid7 InsightIDR Integration
SentinelOne Integration
ServiceNow Integration
Slack Integration
Splunk Integration
Stellar XDR Integration
Sumo Logic Integration
Wazuh Integration
interACT
Overview
interACT Commands
interACT Command Snippets
PowerShell commands in interACT
Investigation Hub
Overview
Investigation Hub – Data Usage Statistics Dashboard
Using the Investigation Hub
Off-Network Responder
Overview
biunzip
Overview
biunzip password file
Setting Up a Custom Case Directory
Policies
Proxy Configuration on the Console
Repository Explorer
Responder Proxy Support
Timeline
Tornado (Preview Version)
Integrations
Overview
Microsoft Azure Cloud Platform Integration
SSO Integrations
Webhooks
Overview
Mattermost Integration
Splunk Integration
IBM QRadar Integration
Wazuh Integration
Cortex XSOAR Integration
Elasticsearch Logstash Kibana Integration
ServiceNow Integration
Sumo Logic Integration
Crowdstrike Integration
Microsoft Sentinel Integration
Slack Integration
Carbon Black Cloud Integration
Rapid7 InsightIDR Integration
LogicHub SOAR (DEVO) Integration
Fortigate SIEM Integration
Dynatrace Integration
Stellar XDR Integration
SentinelOne Integration
Microsoft 365 Defender Integration
Cisco XDR Integration
Troubleshooting
Overview
Understanding MSI Error Code 1618
Collecting Responder Log Files
Collecting Off-Network Responder Log Files
FAQs
Overview
How to download the collected evidence and artifacts?
Collecting Responder Log Files
Managing database usage
Collecting Off-Network Responder Log Files
Responder troubleshooting
Understanding Port Usage
How many assets can connect to a single Console instance?
Can I use AIR with EDR/XDR Products?
Can I integrate AIR with my SOAR/SIEM?
What external URLs are used?
Monitoring Responder and UI API's
How do I update Responders on assets?
Is there a way to move an asset from one Organization or Case to another?
Anything missing?
Self-Hosted
Setup
Overview
Console Hardware Requirements
Pre-Installation Requirements
Installation Guide
Overview
Post-Deployment Configuration Guide
Using CLI on Console
Security
Overview
Console Access Control
Trust Center: Your Security and Compliance Hub
SSL Enforcement
Overview
SSL Certificate Management
Uninstalling Responders
Updating
Overview
2-Tier Systems
Single-Tier Systems
Backup
Overview
Restore Backup Using the CLI
FAQs
Overview
How to gather logs for Troubleshooting
Overview
Collecting Console Log Files
Console Backup Procedure
Console CPU Profiling for Performance Issues
Docker & Host System IP Conflict
How can I install a version that isn't the latest?
How do I maintain the on-prem AIR host?
How do I update Console?
How to reset the password of a user via the CLI?
Resolving the "Invalid Host Header. Host must be the Console Address" Error
Roadmap
General
Open Source Licenses
On this page
Overview
SSO Integrations
Microsoft Azure Cloud Platform Integration
Okta SAML 2.0 SSO Integration
FortiAuthenticator SAML 2.0 SSO Integration with AIR