air-mcp

binalyze/air-mcp

Binalyze AIR MCP Server is a Node.js server implementing the Model Context Protocol (MCP) for Binalyze AIR, enabling natural language interaction with AIR's digital forensics and incident response capabilities.

Tools

Functions exposed to the LLM to take actions

list_assets

List all assets in the system

get_asset_by_id

Get detailed information about a specific asset by its ID

get_asset_tasks_by_id

Get all tasks associated with a specific asset by its ID

list_acquisition_profiles

List all acquisition profiles in the system

assign_acquisition_task

Assign an evidence acquisition task to specific endpoints

get_acquisition_profile_by_id

Get details of a specific acquisition profile by its ID

assign_image_acquisition_task

Assign a disk image acquisition task to specific endpoints and volumes

create_acquisition_profile

Create a new acquisition profile

assign_reboot_task

Assign a reboot task to specific endpoints

assign_shutdown_task

Assign a shutdown task to specific endpoints

assign_isolation_task

Assign an isolation task to specific endpoints

assign_log_retrieval_task

Assign a log retrieval task to specific endpoints

assign_version_update_task

Assign a version update task to specific endpoints

list_organizations

List all organizations in the system

list_cases

List all cases in the system

list_policies

List all policies in the system

list_tasks

List all tasks in the system

list_triage_rules

List all triage rules in the system

list_users

List all users in the system

list_drone_analyzers

List all drone analyzers in the system

export_audit_logs

Initiate an export of audit logs from the AIR system

list_audit_logs

List audit logs from the AIR system

uninstall_assets

Uninstall specific assets based on filters without purging data. Requires specifying filter.includedEndpointIds.

purge_and_uninstall_assets

Purge data and uninstall specific assets based on filters. Requires specifying filter.includedEndpointIds.

add_tags_to_assets

Add tags to specific assets based on filters. Requires specifying filter.includedEndpointIds and tags.

remove_tags_from_assets

Remove tags from specific assets based on filters. Requires specifying filter.includedEndpointIds and tags.

create_auto_asset_tag

Create a new rule to automatically tag assets based on specified conditions for Linux, Windows, and macOS.

update_auto_asset_tag

Update an existing auto asset tag rule.

get_auto_asset_tag_by_id

Get details of a specific auto asset tag rule by its ID

delete_auto_asset_tag_by_id

Delete a specific auto asset tag rule by its ID

list_auto_asset_tags

List all auto asset tag rules in the system.

start_tagging

Start the auto asset tagging process for assets matching filter criteria.

acquire_baseline

Assign a baseline acquisition task to specific endpoints

compare_baseline

Compare baseline acquisition tasks for a specific endpoint

get_comparison_report

Get comparison result report for a specific endpoint and task

list_acquisition_artifacts

List all acquisition artifacts available for evidence collection

list_e_discovery_patterns

List all e-discovery patterns for file type detection

create_policy

Create a new policy with specific storage and compression settings

update_policy

Update an existing policy with specific storage and filter settings

get_policy_by_id

Get detailed information about a specific policy by its ID

update_policy_priorities

Update the priority order of policies

get_policy_match_stats

Get statistics on how many endpoints match each policy based on filter criteria

delete_policy_by_id

Delete a specific policy by its ID

get_task_assignments_by_id

Get all assignments associated with a specific task by its ID

cancel_task_assignment

Cancel a task assignment by its ID

delete_task_assignment

Delete a specific task assignment by its ID

get_task_by_id

Get detailed information about a specific task by its ID

cancel_task_by_id

Cancel a specific task by its ID

delete_task_by_id

Delete a specific task by its ID

list_triage_tags

List all triage rule tags in the system

create_triage_tag

Create a new triage rule tag

create_triage_rule

Create a new triage rule

update_triage_rule

Update an existing triage rule by ID

delete_triage_rule

Delete an existing triage rule by ID

get_triage_rule_by_id

Get a specific triage rule by its ID

validate_triage_rule

Validate a triage rule syntax without creating it

assign_triage_task

Assign a triage task to endpoints based on filter criteria

add_note_to_case

Add a note to a specific case by its ID

update_note_in_case

Update an existing note in a specific case

delete_note_from_case

Delete a note from a case by its ID

export_cases

Export cases data from the system

export_case_notes

Export notes for a specific case by its ID

export_case_endpoints

Export endpoints for a specific case by its ID

export_case_activities

Export activities for a specific case by its ID

create_case

Create a new case in the system

update_case

Update an existing case by ID

get_case_by_id

Get detailed information about a specific case by its ID

close_case_by_id

Close a case by its ID

open_case_by_id

Open a previously closed case by its ID

archive_case_by_id

Archive a case by its ID

change_case_owner

Change the owner of a case

check_case_name

Check if a case name is already in use

get_case_activities

Get activity history for a specific case by its ID

get_case_endpoints

Get all endpoints associated with a specific case by its ID

get_case_tasks_by_id

Get all tasks associated with a specific case by its ID

get_case_users

Get all users associated with a specific case by its ID

remove_endpoints_from_case

Remove endpoints from a case based on specified filters

remove_task_assignment_from_case

Remove a specific task assignment from a case

import_task_assignments_to_case

Import task assignments to a specific case

list_repositories

List all evidence repositories in the system

get_repository_by_id

Get detailed information about a specific evidence repository by its ID

create_smb_repository

Create a new SMB evidence repository

update_smb_repository

Update an existing SMB repository by ID

create_sftp_repository

Create a new SFTP evidence repository

update_sftp_repository

Update an existing SFTP repository

create_ftps_repository

Create a new FTPS evidence repository

update_ftps_repository

Update an existing FTPS evidence repository

validate_ftps_repository

Validate FTPS repository configuration without creating it

create_azure_storage_repository

Create a new Azure Storage repository

update_azure_storage_repository

Update an existing Azure Storage repository

validate_azure_storage_repository

Validate an Azure Storage repository configuration

create_amazon_s3_repository

Create a new Amazon S3 repository for evidence storage

update_amazon_s3_repository

Update an existing Amazon S3 repository

validate_amazon_s3_repository

Validate Amazon S3 repository configuration

delete_repository

Delete an evidence repository by its ID

download_case_ppc

Download a PPC file for a specific endpoint and task

download_task_report

Download a task report for a specific endpoint and task

get_report_file_info

Get information about a PPC file for a specific endpoint and task

get_organization_users

Get users for a specific organization by its ID

assign_users_to_organization

Assign users to a specific organization

remove_user_from_organization

Remove a user from an organization

create_organization

Create a new organization

update_organization_by_id

Update an existing organization by ID

get_organization_by_id

Get detailed information about a specific organization by its ID

check_organization_name_exists

Check if an organization name already exists in the system

get_shareable_deployment_info

Get shareable deployment information using a deployment token

update_organization_shareable_deployment

Update an organization's shareable deployment settings

update_organization_deployment_token

Update the deployment token for a specific organization

delete_organization

Delete an organization by its ID

add_tags_to_organization

Add tags to an organization

delete_tags_from_organization

Delete specific tags from an organization

get_user_by_id

Get detailed information about a specific user by their ID

call_webhook

Call a webhook with the specified parameters

post_webhook

Post data to a webhook

get_task_assignments

Get all assignments for a specific task by its ID

update_banner_message

Update the system banner message settings

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources