Assets
Responder Updates
Manage updates for the AIR responders installed on assets.
This feature allows you to enable or disable automatic updates for responders. If enabled, the responders will automatically update to the latest version when a new release is available. This ensures that the responders are always running the most current version with all the latest features and security patches.
Deployment Tokens: These tokens are used to securely install and register responders on new assets, ensuring the responders communicate correctly with the AIR Console upon installation.
Backward Compatibility for AIR and Responder Updates
🔄 Clarifying Backward Compatibility in AIR 4.29+
Overview
With AIR 4.29, we introduced a major improvement: decoupling AIR console updates from Responder updates. This gives teams greater flexibility when deploying AIR updates, especially in large-scale environments.
What This Means (and What It Doesn’t)
✅ Starting with AIR v4.29, the AIR console can be updated independently of Responder updates.
✅ All future AIR versions (4.29 and onward) will maintain backward compatibility with Responders that are also on version 4.29 or newer.
⚠️ Responders running versions older than 4.29 (e.g., 2.54.3) are not compatible with certain key features such as:
Evidence acquisition
Triage
interACT
Users with older Responder versions will see messages like:
"The asset’s AIR Responder must be updated to accept tasks."
To summarize: Backward compatibility begins from version 4.29 onwards. If your Responders are still on versions earlier than 4.29, they must be upgraded at least once to benefit from this compatibility model going forward.
Why This Matters
Once all Responders are updated to v4.29+, you'll no longer need to upgrade Responders with every new AIR console release, which simplifies upgrades and reduces operational friction.
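Added example (not part of the AIR documentation or product code): a small audit that applies the 4.29 cutoff described above to an asset inventory, comparing versions numerically so that 4.3.1 is not mistaken for newer than 4.29. The CSV layout, column names and asset names are constructed for illustration and are not an AIR export format.

```python
import csv
import io

MIN_COMPATIBLE = (4, 29)  # from the page: backward compatibility starts at 4.29

# Constructed sample inventory; column names are assumptions.
SAMPLE_INVENTORY = """asset,responder_version
ws-001,4.29.0
ws-002,2.54.3
srv-db1,4.3.1
srv-web,4.31.2
lab-07,
"""

def parse_version(text):
    """Return a tuple of ints, or None when the value is empty or malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def needs_upgrade(version_text):
    """True when the responder predates 4.29 or its version cannot be read."""
    version = parse_version(version_text)
    if version is None:
        return True  # unknown version: treat as not yet verified
    # Pad to (major, minor) so a bare "4" compares as 4.0.
    major_minor = (version + (0,))[:2]
    return major_minor < MIN_COMPATIBLE

def audit(inventory_csv):
    """Split assets into (compatible, must_upgrade) lists."""
    compatible, must_upgrade = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version_text = row["responder_version"] or ""
        target = must_upgrade if needs_upgrade(version_text) else compatible
        target.append(row["asset"])
    return compatible, must_upgrade

if __name__ == "__main__":
    ok, old = audit(SAMPLE_INVENTORY)
    print("compatible with 4.29+ consoles:", ok)
    print("upgrade at least once before relying on decoupled updates:", old)
```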
Tamper Detection
Enable alerts for tampering attempts on responders.
When Tamper Detection is enabled, the responder will actively monitor its own operation for any interference or attempts to disable it.
Functionality: If there is an attempt to modify or interfere with the responder (e.g., by disabling it or altering its files), the responder will notify the AIR Console, ensuring that any malicious attempts are flagged immediately.
This feature is critical for ensuring the integrity and continuous operation of responders in high-security environments.
Uninstallation Password
Prevent unauthorized uninstallation of responders by requiring a password.
When this feature is enabled, users will need to enter a protection password to uninstall the responder from an asset. This prevents unauthorized personnel from removing the responder, which could otherwise leave the asset vulnerable or unmonitored.
Uninstallation Method: The uninstallation process will be restricted to shell commands, meaning the responder can't be removed via a simple GUI or file system manipulation, adding an extra layer of security.
Active Directory (AD) Integration
Synchronize assets from Active Directory with AIR.
This feature allows Binalyze AIR to integrate with your Active Directory (AD) environment. You can specify the AD server (e.g., 10.0.0.1) and the domain (e.g., company.local) to automatically synchronize information about computers and users from AD into AIR.
LDAP Synchronization: By manually starting the LDAP synchronization, you can query Active Directory for specific objects such as computers, ensuring that AIR can discover and manage assets from your organization's AD.
The Query For Computers field (e.g., (&(objectCategory=computer))) uses an LDAP filter to query and sync only computer objects from the directory.
Authentication: You will need to provide an AD username and password to authenticate and pull information from the directory.