Integrations

How to integrate AIR for a fully automated Incident Response

  • SSO Integrations
  • Microsoft Azure Cloud Platform Integration
  • Splunk Integration
  • IBM QRadar Integration
  • Wazuh Integration
  • Cortex XSOAR Integration
  • Elasticsearch Logstash Kibana Integration
  • Mattermost Integration
  • ServiceNow Integration
  • Sumo Logic Integration
  • Crowdstrike Integration
  • Microsoft Sentinel Integration
  • Slack Integration
  • Carbon Black Cloud Integration
  • Rapid7 InsightIDR Integration
  • LogicHub SOAR (DEVO) Integration
  • Fortigate SIEM Integration
  • Dynatrace Integration
  • Stellar XDR Integration
  • SentinelOne Integration
  • Microsoft 365 Defender Integration
  • Cisco XDR Integration

Last updated 1 month ago