Information About Consolidated Report
Binalyze AIR has always presented its Acquisition and Triage results within a single HTML Case report, allowing users to view the output in a dedicated report for each individual endpoint.
With the release of version 3.5.1, AIR can now generate a Consolidated Report: a single, easy-to-read DFIR intelligence report that displays data acquired through Acquisition and Triage from multiple endpoints in one report.
The Consolidated Report, built into Binalyze AIR, is accessible from the Cases page, under the each tab.
The Consolidated Report will include DRONE results from selected assets in an individual Case. For ease of use and operational effectiveness, the results in the report are graphically visualized, listed, categorized and prioritized.
- When required, investigators and analysts can drill down from the Consolidated Report to access all the endpoints' individual Case reports.
The Consolidated Report is only available for Cases that were opened after the Consolidated Report functionality has been activated.
To leverage consolidated data for Cases that were opened before activation, users must close and then reopen that particular Case after activation. (Note: this update process may take some time, depending on the amount of data that needs to be prepared for the new Consolidated Report.)
- 1. All in one place - all AIR data acquisitions, results of DRONE analysis and Triage scans of the assets related to a chosen Case are now available in one place, which makes the analysts' and investigators' work much faster and simpler.
- 2. Efficiency and Speed - analysts can navigate easily to a specific endpoint in the Case, and at the same time leverage information from all of their endpoints in a high-level overview of the entire Case. As a result, much faster decisions can be made, such as where to start and focus investigations, and where to divert resources when new information is highlighted by the Consolidated Report. All multi-asset investigations become far more efficient with Consolidated Reporting.
Yes, to consolidate all the data and results in a single report, some architectural changes have been made to the AIR infrastructure. The most important change was the addition of a new database layer.
To run the Consolidated Report feature, the new database instance has to be deployed, and some other configuration changes and updates need to be made. Please refer to the page below for a detailed explanation.
Go ahead and read our Information about version 3.5 - Installation and migration process
Another major change in the Console:
DRONE, our post-acquisition analyzer, displays some of this data in a graphical overview which highlights the top 5 assets in need of further immediate investigation. It also provides (a) centralized navigation, (b) filter options and (c) enhanced search functionality, all of which significantly speed up any investigation.