assign_acquisition_task
Initiate digital evidence collection from specified endpoints for forensic investigation by assigning acquisition tasks with configurable parameters.
Instructions
Assign an evidence acquisition task to specific endpoints
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| caseId | Yes | The case ID to associate the acquisition with | |
| acquisitionProfileId | Yes | The acquisition profile ID to use for the task | |
| endpointIds | Yes | Array of endpoint IDs to collect evidence from | |
| organizationIds | No | Array of organization IDs to filter by. Defaults to [0] | |
| analyzers | No | Array of analyzer IDs to use (e.g. ["bha", "wsa"]) | |
| keywords | No | Array of keywords to search for | |
| cpuLimit | No | CPU usage limit percentage (1-100). Defaults to 80 | |
| enableCompression | No | Whether to enable compression. Defaults to true | |
| enableEncryption | No | Whether to enable encryption. Defaults to false | |
| encryptionPassword | No | Password for encryption if enabled |