
Binalyze AIR MCP Server

Official
by binalyze
MIT License
  • Linux
  • Apple

create_acquisition_profile

Define and configure acquisition profiles for digital forensics and incident response on Binalyze AIR MCP Server, specifying evidence, artifacts, and network capture settings for Windows, Linux, macOS, and AIX systems.

Instructions

Create a new acquisition profile

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| aix | Yes | AIX specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), and `customContentProfiles` (array). Example: { "evidenceList": ["logs"], ... } | |
| eDiscovery | Yes | eDiscovery configuration. Must include the key `patterns` (array of objects with `pattern` and `category` strings). Example: { "patterns": [] } | |
| linux | Yes | Linux specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... } | |
| macos | Yes | macOS specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... } | |
| name | Yes | Name for the new acquisition profile | |
| organizationIds | No | Organization IDs to associate the profile with. Defaults to empty array. | |
| windows | Yes | Windows specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["evt"], "artifactList": [], "customContentProfiles": [], "networkCapture": { "enabled": false, "duration": 600, "pcap": { "enabled": false }, "networkFlow": { "enabled": false } } } | |

Input Schema (JSON Schema)

{
  "properties": {
    "aix": {
      "description": "AIX specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), and `customContentProfiles` (array). Example: { \"evidenceList\": [\"logs\"], ... }",
      "type": "object"
    },
    "eDiscovery": {
      "description": "eDiscovery configuration. Must include the key `patterns` (array of objects with `pattern` and `category` strings). Example: { \"patterns\": [] }",
      "type": "object"
    },
    "linux": {
      "description": "Linux specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { \"evidenceList\": [\"logs\"], ... }",
      "type": "object"
    },
    "macos": {
      "description": "macOS specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { \"evidenceList\": [\"logs\"], ... }",
      "type": "object"
    },
    "name": {
      "description": "Name for the new acquisition profile",
      "type": "string"
    },
    "organizationIds": {
      "description": "Organization IDs to associate the profile with. Defaults to empty array.",
      "items": {
        "type": "string"
      },
      "type": "array"
    },
    "windows": {
      "description": "Windows specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { \"evidenceList\": [\"evt\"], \"artifactList\": [], \"customContentProfiles\": [], \"networkCapture\": { \"enabled\": false, \"duration\": 600, \"pcap\": { \"enabled\": false }, \"networkFlow\": { \"enabled\": false } } }",
      "type": "object"
    }
  },
  "required": [
    "name",
    "windows",
    "linux",
    "macos",
    "aix",
    "eDiscovery"
  ],
  "type": "object"
}

    MCP directory API

    We provide all the information about MCP servers via our MCP API.

    curl -X GET 'https://glama.ai/api/mcp/v1/servers/binalyze/air-mcp'

    If you have feedback or need assistance with the MCP directory API, please join our Discord server