Auto Asset Tagging

How to automatically tag your assets based on simple conditions.


Performing Digital Forensics at scale requires a proper classification of your assets.
Knowing how many web servers, domain controllers, or application servers you have highly decreases the response time while helping you focus on a group of devices on your network. This in turn increases the situational awareness in an investigation.

How it works

Auto Asset Tagging is a feature of Binalyze AIR that lets you automatically tag assets based on conditions such as:
  • Existence of a file or directory
  • Existence of a running process
You can easily AND/OR conditions and use environment variables as well.
This feature can be enabled from the Auto Asset Tagging section.
Once enabled, a newly deployed endpoint will be automatically assigned a task to query provided conditions, and based on the results, AIR will tag the endpoint using the Tag Name. If you want to re-run tagging on all endpoints, you can easily do this by clicking the "Run Now" button on the Auto Asset Tagging page.
There are a number of out-of-box supported asset tags such as IIS Server, Domain Controller, Mail Server, SQL Server but you can also create custom tags whenever you need them.