create_acquisition_profile
Generate a new acquisition profile for Windows, Linux, macOS, or AIX systems, specifying evidence lists, artifact configurations, and network capture settings to streamline digital forensics and incident response processes.
Instructions
Create a new acquisition profile
Input Schema
Name | Required | Description | Default |
---|---|---|---|
aix | Yes | AIX specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), and `customContentProfiles` (array). Example: { "evidenceList": ["logs"], ... } | |
eDiscovery | Yes | eDiscovery configuration. Must include the key `patterns` (array of objects with `pattern` and `category` strings). Example: { "patterns": [] } | |
linux | Yes | Linux specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... } | |
macos | Yes | macOS specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... } | |
name | Yes | Name for the new acquisition profile | |
organizationIds | No | Organization IDs to associate the profile with. Defaults to empty array. | |
windows | Yes | Windows specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["evt"], "artifactList": [], "customContentProfiles": [], "networkCapture": { "enabled": false, "duration": 600, "pcap": { "enabled": false }, "networkFlow": { "enabled": false } } } | |
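
Added example, not part of the tool's own documentation or code: a pre-flight check that an argument object has the shape the table above describes, so a malformed profile is caught before it is submitted. The function name `validate_profile_args` and the sample profile are constructed for illustration, and treating every key the table lists as required unless it is marked optional is an assumption.

```python
# Added example: pre-flight shape check for create_acquisition_profile arguments.
# Assumption: keys the table lists are required unless it marks them optional.
NETCAP_PLATFORMS = ("windows", "linux", "macos")  # table lists networkCapture for these
PLATFORMS = NETCAP_PLATFORMS + ("aix",)           # the aix row lists no networkCapture

def _is_str_list(value):
    return isinstance(value, list) and all(isinstance(v, str) for v in value)

def validate_profile_args(args):
    """Return a list of problems; an empty list means the shape matches the table."""
    errors = []
    if not isinstance(args.get("name"), str) or not args["name"]:
        errors.append("name: required non-empty string")
    if not isinstance(args.get("organizationIds", []), list):
        errors.append("organizationIds: must be an array")
    for plat in PLATFORMS:
        cfg = args.get(plat)
        if not isinstance(cfg, dict):
            errors.append(f"{plat}: required object")
            continue
        if not _is_str_list(cfg.get("evidenceList")):
            errors.append(f"{plat}.evidenceList: required array of strings")
        if "artifactList" in cfg and not _is_str_list(cfg["artifactList"]):
            errors.append(f"{plat}.artifactList: must be an array of strings")
        if not isinstance(cfg.get("customContentProfiles"), list):
            errors.append(f"{plat}.customContentProfiles: required array")
        if plat in NETCAP_PLATFORMS and not isinstance(cfg.get("networkCapture"), dict):
            errors.append(f"{plat}.networkCapture: required object")
    ed = args.get("eDiscovery")
    patterns = ed.get("patterns") if isinstance(ed, dict) else None
    if not isinstance(patterns, list):
        errors.append("eDiscovery.patterns: required array")
    else:
        for i, p in enumerate(patterns):
            if not (isinstance(p, dict) and all(isinstance(p.get(k), str) for k in ("pattern", "category"))):
                errors.append(f"eDiscovery.patterns[{i}]: needs string pattern and category")
    return errors

# Constructed sample arguments; the networkCapture value is the table's Windows example.
NETCAP_OFF = {"enabled": False, "duration": 600,
              "pcap": {"enabled": False}, "networkFlow": {"enabled": False}}
_UNIX = {"evidenceList": ["logs"], "customContentProfiles": []}
SAMPLE = {
    "name": "triage-minimal", "eDiscovery": {"patterns": []}, "aix": dict(_UNIX),
    "linux": {**_UNIX, "networkCapture": NETCAP_OFF},
    "macos": {**_UNIX, "networkCapture": NETCAP_OFF},
    "windows": {"evidenceList": ["evt"], "artifactList": [], "customContentProfiles": [],
                "networkCapture": NETCAP_OFF},
}
```

`validate_profile_args(SAMPLE)` returns an empty list; each string in a non-empty result names the offending key path.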