.png%3Falt%3Dmedia%26token%3D3c56f135-f35f-4b1d-ad36-dca78b5c9823)
.png%3Falt%3Dmedia%26token%3D3c56f135-f35f-4b1d-ad36-dca78b5c9823)
Architecture
A brief overview of system architecture
Binalyze AIR is an on-premise client-server solution that allows you to remotely perform a variety of tasks on endpoints such as collecting forensic evidence and performing triage with YARA.
Management Console is a web-based application that can be viewed from any device with an up-to-date browser.
Endpoints connect to the management console via a light-weight "passive" agent that can be deployed manually or via mechanisms such as SCCM.
As you might have already guessed from the term "passive agent", AIR agents:
- DO NOT scan anything on the endpoint which may cause slowdowns (e.g. your Antivirus),
- DO NOT block anything on the endpoint which may cause false-positives (e.g. your DLP),
- DO NOT create any alerts which may cause "alert-fatigue".
Last modified 1mo ago