General
Version Information
This section provides details on the versions of various components of the Binalyze AIR platform, helping administrators ensure that all parts of the system are up to date.
AIR: The main application version (e.g., 4.23.3). This represents the core platform's release and includes the latest features and security updates.
DB (Database): The version of the database used by AIR (e.g., 6.0.7), which stores all data related to the platform’s taskings and configuration settings.
Responder: The version of the AIR responder (e.g., 2.50.5) installed on assets for data acquisition and remote interaction.
DRONE: The version of the DRONE analysis engine (e.g., 3.11.0), which processes collected evidence, along with some live artifacts, through automated analyzers to deliver findings and insights.
TACTICAL: These versions indicate the status of various responders for different operating systems, including Linux, macOS, Windows, and the legacy version for older Windows systems. For example, the latest responders are at version 3.12.1, ensuring up-to-date compatibility with operating system environments.
MITRE ATT&CK Analyzer: This version (e.g., 7.0.0) refers to the built-in mapping against the MITRE ATT&CK framework, which helps identify adversary tactics, techniques, and procedures during investigations.
Disk Image Explorer: This component (e.g., version 1.0.0) provides functionality for exploring disk and volume images acquired during investigations.
Logging
Log Level: Determines the verbosity of logging within AIR. Adjusting the log level can help in debugging or keeping track of system activity.
Log Files: Provides access to the system's log files, which are useful for auditing, troubleshooting, and reviewing system performance and security events.
License
This section provides details about the current licensing status of the Binalyze AIR installation.
License Key: Displays the license key currently in use (e.g., AIR-TEST-LICENSE).
Valid Until: The expiration date of the license (e.g., 2025.09.29), which tells you how long the platform is licensed for.
Max Client: The maximum number of assets (clients) that can be managed under this license (e.g., 1,000,000 assets).
In Use: The number of assets currently being monitored by AIR (e.g., 447,908 assets).
Remaining: The number of asset slots still available (e.g., 552,092 assets). This helps ensure scalability and license compliance.
Connection
Console Address: The current address of the AIR Console (e.g., air-demo.binalyze.com), which asset responders poll to check for tasking assignments that need execution.
Important: Changing this address will trigger a migration process, which will cause all assets to connect to the new address while deregistering from the old one.
Console Proxy: Settings for configuring an internet proxy that AIR can use to connect to external services, such as updates or external evidence storage.
Address: The IP address of the proxy (e.g., 10.0.0.1).
Port: The port used for proxy communication (e.g., 0).
Username and Password: Credentials for authenticating with the proxy.
Certificate Authority (CA): If your organization uses a custom CA for SSL communication, this setting allows you to upload the certificate in the appropriate format for secure connections between assets and the AIR Console.
System Resources
Displays information about the system where AIR is installed, helping monitor and optimize performance.
CPU:
Cores: The number of processor cores (e.g., 8), indicating the processing power available for handling AIR tasks.
CPU Type: Details of the CPU model (e.g., Intel Xeon Processor, Skylake architecture).
Flags: A list of supported CPU features (e.g., SSE, HT, etc.), indicating hardware capabilities relevant to performance.
Memory:
Total Memory: The total available system memory (e.g., 32.87 GB).
Used Memory: The amount of memory currently in use (e.g., 5.29 GB).
Free Memory: The remaining available memory (e.g., 27.58 GB), which ensures that there are enough resources to handle future operations.
File System:
Total Storage: The total storage space available (e.g., 315.93 GB).
Used Storage: How much storage is currently used (e.g., 189.46 GB).
Partition: The partition where AIR data is stored (e.g., /dev/sdb1). Monitoring this ensures sufficient space for data storage and logging.