assign_image_acquisition_task

Initiate disk image acquisition tasks on specified endpoints and volumes, enabling forensic data collection for incident response and analysis. Configure parameters like bandwidth, compression, and encryption for precise control.

Instructions

Assign a disk image acquisition task to specific endpoints and volumes

Input Schema

Name	Required	Description
`bandwidthLimit`	No	Bandwidth limit in KB/s. Defaults to 100000
`caseId`	No	The case ID to associate the acquisition with (optional)
`chunkCount`	No	Number of chunks to acquire. Defaults to 0 (acquire until end).
`chunkSize`	No	Chunk size in bytes. Defaults to 1048576
`enableCompression`	No	Whether to enable compression. Defaults to true
`enableEncryption`	No	Whether to enable encryption. Defaults to false
`encryptionPassword`	No	Password for encryption if enabled
`endpoints`	Yes	Array of endpoints and volumes to image (e.g., [{"endpointId": "uuid", "volumes": ["/dev/sda1"]}]). At least one endpoint and one volume per endpoint required.
`organizationIds`	No	Array of organization IDs. Defaults to [0]
`repositoryId`	Yes	The repository ID where the image will be saved
`startOffset`	No	Offset in bytes to start acquisition from. Defaults to 0.

Input Schema (JSON Schema)

{
  "properties": {
    "bandwidthLimit": {
      "description": "Bandwidth limit in KB/s. Defaults to 100000",
      "type": "number"
    },
    "caseId": {
      "description": "The case ID to associate the acquisition with (optional)",
      "type": [
        "string",
        "null"
      ]
    },
    "chunkCount": {
      "description": "Number of chunks to acquire. Defaults to 0 (acquire until end).",
      "type": "number"
    },
    "chunkSize": {
      "description": "Chunk size in bytes. Defaults to 1048576",
      "type": "number"
    },
    "enableCompression": {
      "description": "Whether to enable compression. Defaults to true",
      "type": "boolean"
    },
    "enableEncryption": {
      "description": "Whether to enable encryption. Defaults to false",
      "type": "boolean"
    },
    "encryptionPassword": {
      "description": "Password for encryption if enabled",
      "type": "string"
    },
    "endpoints": {
      "description": "Array of endpoints and volumes to image (e.g., [{\"endpointId\": \"uuid\", \"volumes\": [\"/dev/sda1\"]}]). At least one endpoint and one volume per endpoint required.",
      "items": {
        "properties": {
          "endpointId": {
            "type": "string"
          },
          "volumes": {
            "items": {
              "type": "string"
            },
            "type": "array"
          }
        },
        "required": [
          "endpointId",
          "volumes"
        ],
        "type": "object"
      },
      "type": "array"
    },
    "organizationIds": {
      "description": "Array of organization IDs. Defaults to [0]",
      "items": {
        "type": "number"
      },
      "type": "array"
    },
    "repositoryId": {
      "description": "The repository ID where the image will be saved",
      "type": "string"
    },
    "startOffset": {
      "description": "Offset in bytes to start acquisition from. Defaults to 0.",
      "type": "number"
    }
  },
  "required": [
    "repositoryId",
    "endpoints"
  ],
  "type": "object"
}

Binalyze AIR MCP Server

assign_image_acquisition_task

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Binalyze AIR MCP Server

Related Tools

MCP directory API