acquire_baseline
Assign a baseline acquisition task to specific endpoints in Binalyze AIR, selecting them with filters such as asset name, IP address, or platform, and associate the task with a case ID for forensics and incident response.
Instructions
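Assign a baseline acquisition task to specific endpoints. The schema requires the filter object but none of its properties, so the set of targeted assets depends entirely on the fields supplied; an empty or broad filter may select more endpoints than intended. Scope the filter explicitly (for example with includedEndpointIds or name) and confirm the caseId before assigning the task.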
Input Schema
Name | Required | Description | Default |
---|---|---|---|
caseId | Yes | The case ID to associate the baseline acquisition with | |
filter | Yes | Filter object to specify which assets to acquire baseline from | |
Input Schema (JSON Schema)
{
"properties": {
"caseId": {
"description": "The case ID to associate the baseline acquisition with",
"type": "string"
},
"filter": {
"description": "Filter object to specify which assets to acquire baseline from",
"properties": {
"excludedEndpointIds": {
"description": "Array of endpoint IDs to exclude",
"items": {
"type": "string"
},
"type": "array"
},
"groupFullPath": {
"description": "Filter by full group path",
"type": "string"
},
"groupId": {
"description": "Filter by group ID",
"type": "string"
},
"includedEndpointIds": {
"description": "Array of endpoint IDs to include for baseline acquisition",
"items": {
"type": "string"
},
"type": "array"
},
"ipAddress": {
"description": "Filter by IP address",
"type": "string"
},
"isolationStatus": {
"description": "Filter by isolation status (e.g., [\"isolated\"])",
"items": {
"type": "string"
},
"type": "array"
},
"issue": {
"description": "Filter by issue",
"type": "string"
},
"managedStatus": {
"description": "Filter by managed status (e.g., [\"managed\"])",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"description": "Filter by asset name",
"type": "string"
},
"onlineStatus": {
"description": "Filter by online status (e.g., [\"online\"])",
"items": {
"type": "string"
},
"type": "array"
},
"organizationIds": {
"description": "Organization IDs filter. Defaults to [0]",
"items": {
"type": "number"
},
"type": "array"
},
"platform": {
"description": "Filter by platform (e.g., [\"windows\"])",
"items": {
"type": "string"
},
"type": "array"
},
"policy": {
"description": "Filter by policy",
"type": "string"
},
"searchTerm": {
"description": "Optional search term",
"type": "string"
},
"tags": {
"description": "Filter by tags",
"items": {
"type": "string"
},
"type": "array"
},
"version": {
"description": "Filter by agent version",
"type": "string"
}
},
"type": "object"
}
},
"required": [
"caseId",
"filter"
],
"type": "object"
}