interACT Command Snippets
Overview
The Command Snippets Library in interACT is a major usability improvement for remote command execution in AIR. It lets analysts standardize, share, and quickly execute common commands without retyping them or hunting through notes.
Snippets can be accessed directly in the interACT terminal window, where they can be copied, pasted, or run directly in the current session. This reduces repetitive typing, accelerates response times, and ensures consistency across teams.
How It Works
Predefined Snippets: A library of common investigation and response commands is provided out-of-the-box. These can be run directly or copy/pasted into a session.
Custom Snippets: Analysts can create their own commands, define supported platforms (Windows, Linux, macOS), and save them to the Library for reuse and sharing. These snippets can be global or organization-specific. (With the release of AIR v5.7 the character limit increases from 2000 to 5000.)
Library Management:
Edit or delete snippets (deletion applies to custom snippets only), or import/export them via text files.
Categorization by description, advanced filtering, and ownership tracking are supported.
Predefined snippets cannot currently be deleted.
Users can apply Tags to Command Snippets to streamline management and filtering. You can view and modify all Tags using the Manage Tags button in the Command Snippets library.
Benefits
Speed: Eliminate repetitive typing and have long, complex, frequently used commands instantly available.
Consistency: Standardize investigative workflows across your team.
Scalability: Quickly search and filter hundreds of snippets during critical investigations.
Flexibility: Maintain an evolving library of commands tailored to your environment.
System-Generated Command Snippets
To get users started, we supply a set of predefined, system-generated snippets that are available by default in every environment. They cover common investigative and forensic tasks without requiring manual setup.
List of System Snippets:
List mounted volumes with `volumes`
Preview file beginning with `head`
Verify file integrity with `hash`
Inspect running processes with `pslist`
Compress or extract archives with `zip`
Query system state with `osquery`
Pull evidence to console with `get`
Display directory contents ``