# Binalyze AIR MCP Server

Enable natural language interaction with your Binalyze AIR system to manage assets, acquisition profiles, and organizations seamlessly. Use this server to list and query your AIR data through any MCP…

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y @smithery/cli@latest mcp add binalyze/air-mcp

# Browse available tools
npx -y @smithery/cli@latest tool list binalyze/air-mcp

# Get full schema for a tool
npx -y @smithery/cli@latest tool get binalyze/air-mcp list_assets

# Call a tool
npx -y @smithery/cli@latest tool call binalyze/air-mcp list_assets '{}'
```

## Tools (117)

- `list_assets` — List all assets in the system
- `get_asset_by_id` — Get detailed information about a specific asset by its ID
- `get_asset_tasks_by_id` — Get all tasks associated with a specific asset by its ID
- `list_acquisition_profiles` — List all acquisition profiles in the system
- `assign_acquisition_task` — Assign an evidence acquisition task to specific endpoints
- `get_acquisition_profile_by_id` — Get details of a specific acquisition profile by its ID
- `assign_image_acquisition_task` — Assign a disk image acquisition task to specific endpoints and volumes
- `create_acquisition_profile` — Create a new acquisition profile
- `assign_reboot_task` — Assign a reboot task to specific endpoints
- `assign_shutdown_task` — Assign a shutdown task to specific endpoints
- `assign_isolation_task` — Assign an isolation task to specific endpoints
- `assign_log_retrieval_task` — Assign a log retrieval task to specific endpoints
- `assign_version_update_task` — Assign a version update task to specific endpoints
- `list_organizations` — List all organizations in the system
- `list_cases` — List all cases in the system
- `list_policies` — List all policies in the system
- `list_tasks` — List all tasks in the system
- `list_triage_rules` — List all triage rules in the system
- `list_users` — List all users in the system
- `list_drone_analyzers` — List all drone analyzers in the system
- `export_audit_logs` — Initiate an export of audit logs from the AIR system
- `list_audit_logs` — List audit logs from the AIR system
- `uninstall_assets` — Uninstall specific assets based on filters without purging data. Requires specifying `filter.includedEndpointIds`.
- `purge_and_uninstall_assets` — Purge data and uninstall specific assets based on filters. Requires specifying `filter.includedEndpointIds`.
- `add_tags_to_assets` — Add tags to specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
- `remove_tags_from_assets` — Remove tags from specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
- `create_auto_asset_tag` — Create a new rule to automatically tag assets based on specified conditions for Linux, Windows, and macOS.
- `update_auto_asset_tag` — Update an existing auto asset tag rule.
- `get_auto_asset_tag_by_id` — Get details of a specific auto asset tag rule by its ID
- `delete_auto_asset_tag_by_id` — Delete a specific auto asset tag rule by its ID
- `list_auto_asset_tags` — List all auto asset tag rules in the system.
- `start_tagging` — Start the auto asset tagging process for assets matching filter criteria.
- `acquire_baseline` — Assign a baseline acquisition task to specific endpoints
- `compare_baseline` — Compare baseline acquisition tasks for a specific endpoint
- `get_comparison_report` — Get comparison result report for a specific endpoint and task
- `list_acquisition_artifacts` — List all acquisition artifacts available for evidence collection
- `list_e_discovery_patterns` — List all e-discovery patterns for file type detection
- `create_policy` — Create a new policy with specific storage and compression settings
- `update_policy` — Update an existing policy with specific storage and filter settings
- `get_policy_by_id` — Get detailed information about a specific policy by its ID
- `update_policy_priorities` — Update the priority order of policies
- `get_policy_match_stats` — Get statistics on how many endpoints match each policy based on filter criteria
- `delete_policy_by_id` — Delete a specific policy by its ID
- `get_task_assignments_by_id` — Get all assignments associated with a specific task by its ID
- `cancel_task_assignment` — Cancel a task assignment by its ID
- `delete_task_assignment` — Delete a specific task assignment by its ID
- `get_task_by_id` — Get detailed information about a specific task by its ID
- `cancel_task_by_id` — Cancel a specific task by its ID
- `delete_task_by_id` — Delete a specific task by its ID
- `list_triage_tags` — List all triage rule tags in the system
- `create_triage_tag` — Create a new triage rule tag
- `create_triage_rule` — Create a new triage rule
- `update_triage_rule` — Update an existing triage rule by ID
- `delete_triage_rule` — Delete an existing triage rule by ID
- `get_triage_rule_by_id` — Get a specific triage rule by its ID
- `validate_triage_rule` — Validate a triage rule syntax without creating it
- `assign_triage_task` — Assign a triage task to endpoints based on filter criteria
- `add_note_to_case` — Add a note to a specific case by its ID
- `update_note_in_case` — Update an existing note in a specific case
- `delete_note_from_case` — Delete a note from a case by its ID
- `export_cases` — Export cases data from the system
- `export_case_notes` — Export notes for a specific case by its ID
- `export_case_endpoints` — Export endpoints for a specific case by its ID
- `export_case_activities` — Export activities for a specific case by its ID
- `create_case` — Create a new case in the system
- `update_case` — Update an existing case by ID
- `get_case_by_id` — Get detailed information about a specific case by its ID
- `close_case_by_id` — Close a case by its ID
- `open_case_by_id` — Open a previously closed case by its ID
- `archive_case_by_id` — Archive a case by its ID
- `change_case_owner` — Change the owner of a case
- `check_case_name` — Check if a case name is already in use
- `get_case_activities` — Get activity history for a specific case by its ID
- `get_case_endpoints` — Get all endpoints associated with a specific case by its ID
- `get_case_tasks_by_id` — Get all tasks associated with a specific case by its ID
- `get_case_users` — Get all users associated with a specific case by its ID
- `remove_endpoints_from_case` — Remove endpoints from a case based on specified filters
- `remove_task_assignment_from_case` — Remove a specific task assignment from a case
- `import_task_assignments_to_case` — Import task assignments to a specific case
- `list_repositories` — List all evidence repositories in the system
- `get_repository_by_id` — Get detailed information about a specific evidence repository by its ID
- `create_smb_repository` — Create a new SMB evidence repository
- `update_smb_repository` — Update an existing SMB repository by ID
- `create_sftp_repository` — Create a new SFTP evidence repository
- `update_sftp_repository` — Update an existing SFTP repository
- `create_ftps_repository` — Create a new FTPS evidence repository
- `update_ftps_repository` — Update an existing FTPS evidence repository
- `validate_ftps_repository` — Validate FTPS repository configuration without creating it
- `create_azure_storage_repository` — Create a new Azure Storage repository
- `update_azure_storage_repository` — Update an existing Azure Storage repository
- `validate_azure_storage_repository` — Validate an Azure Storage repository configuration
- `create_amazon_s3_repository` — Create a new Amazon S3 repository for evidence storage
- `update_amazon_s3_repository` — Update an existing Amazon S3 repository
- `validate_amazon_s3_repository` — Validate Amazon S3 repository configuration
- `get_repository_by_id` — Get detailed information about a specific evidence repository by its ID
- `delete_repository` — Delete an evidence repository by its ID

---
*Response truncated. Use `npx -y @smithery/cli@latest` for complete data.*