create_acquisition_profile

Generate a new acquisition profile for Windows, Linux, macOS, or AIX systems, specifying evidence lists, artifact configurations, and network capture settings to streamline digital forensics and incident response processes.

Instructions

Create a new acquisition profile

Input Schema

Name	Required	Description
`aix`	Yes	AIX specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), and `customContentProfiles` (array). Example: { "evidenceList": ["logs"], ... }
`eDiscovery`	Yes	eDiscovery configuration. Must include the key `patterns` (array of objects with `pattern` and `category` strings). Example: { "patterns": [] }
`linux`	Yes	Linux specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... }
`macos`	Yes	macOS specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["logs"], ... }
`name`	Yes	Name for the new acquisition profile
`organizationIds`	No	Organization IDs to associate the profile with. Defaults to empty array.
`windows`	Yes	Windows specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { "evidenceList": ["evt"], "artifactList": [], "customContentProfiles": [], "networkCapture": { "enabled": false, "duration": 600, "pcap": { "enabled": false }, "networkFlow": { "enabled": false } } }

Input Schema (JSON Schema)

{
  "properties": {
    "aix": {
      "description": "AIX specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), and `customContentProfiles` (array). Example: { \"evidenceList\": [\"logs\"], ... }",
      "type": "object"
    },
    "eDiscovery": {
      "description": "eDiscovery configuration. Must include the key `patterns` (array of objects with `pattern` and `category` strings). Example: { \"patterns\": [] }",
      "type": "object"
    },
    "linux": {
      "description": "Linux specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { \"evidenceList\": [\"logs\"], ... }",
      "type": "object"
    },
    "macos": {
      "description": "macOS specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { \"evidenceList\": [\"logs\"], ... }",
      "type": "object"
    },
    "name": {
      "description": "Name for the new acquisition profile",
      "type": "string"
    },
    "organizationIds": {
      "description": "Organization IDs to associate the profile with. Defaults to empty array.",
      "items": {
        "type": "string"
      },
      "type": "array"
    },
    "windows": {
      "description": "Windows specific configuration. Must include keys like `evidenceList` (array of strings), `artifactList` (array of strings, optional), `customContentProfiles` (array), and `networkCapture` (object). Example: { \"evidenceList\": [\"evt\"], \"artifactList\": [], \"customContentProfiles\": [], \"networkCapture\": { \"enabled\": false, \"duration\": 600, \"pcap\": { \"enabled\": false }, \"networkFlow\": { \"enabled\": false } } }",
      "type": "object"
    }
  },
  "required": [
    "name",
    "windows",
    "linux",
    "macos",
    "aix",
    "eDiscovery"
  ],
  "type": "object"
}

Binalyze AIR MCP Server

create_acquisition_profile

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Binalyze AIR MCP Server

Related Tools

MCP directory API