create_acquisition_profile
Create a digital forensics acquisition profile to collect evidence from Windows, Linux, macOS, and AIX systems for incident response investigations.
Instructions
Create a new acquisition profile
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | Name for the new acquisition profile | |
| organizationIds | No | Organization IDs to associate the profile with. Defaults to empty array. | |
| windows | Yes | Windows specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["evt"], "artifactList": [], "customContentProfiles": [], "networkCapture": { "enabled": false, "duration": 600, "pcap": { "enabled": false }, "networkFlow": { "enabled": false } } } | |
| linux | Yes | Linux specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... } | |
| macos | Yes | macOS specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... } | |
| aix | Yes | AIX specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), and `customContentProfiles` (array). Example: { "evidenceList": ["logs"], ... } | |
| eDiscovery | Yes | eDiscovery configuration. Must include the key `patterns` (array of objects with `pattern` and `category` strings). Example: { "patterns": [] } | |