116 tools from the Binalyze AIR MCP Server, categorised by risk level.
check_case_name: Check if a case name is already in use
check_organization_name_exists: Check if an organization name already exists in the system
download_case_ppc: Download a PPC file for a specific endpoint and task
download_task_report: Download a task report for a specific endpoint and task
get_acquisition_profile_by_id: Get details of a specific acquisition profile by its ID
get_asset_by_id: Get detailed information about a specific asset by its ID
get_asset_tasks_by_id: Get all tasks associated with a specific asset by its ID
get_auto_asset_tag_by_id: Get details of a specific auto asset tag rule by its ID
get_case_activities: Get activity history for a specific case by its ID
get_case_by_id: Get detailed information about a specific case by its ID
get_case_endpoints: Get all endpoints associated with a specific case by its ID
get_case_tasks_by_id: Get all tasks associated with a specific case by its ID
get_case_users: Get all users associated with a specific case by its ID
get_comparison_report: Get comparison result report for a specific endpoint and task
get_organization_by_id: Get detailed information about a specific organization by its ID
get_organization_users: Get users for a specific organization by its ID
get_policy_by_id: Get detailed information about a specific policy by its ID
get_policy_match_stats: Get statistics on how many endpoints match each policy based on filter criteria
get_report_file_info: Get information about a PPC file for a specific endpoint and task
get_repository_by_id: Get detailed information about a specific evidence repository by its ID
get_shareable_deployment_info: Get shareable deployment information using a deployment token
get_task_assignments: Get all assignments for a specific task by its ID
get_task_assignments_by_id: Get all assignments associated with a specific task by its ID
get_task_by_id: Get detailed information about a specific task by its ID
get_triage_rule_by_id: Get a specific triage rule by its ID
get_user_by_id: Get detailed information about a specific user by their ID
list_acquisition_artifacts: List all acquisition artifacts available for evidence collection
list_acquisition_profiles: List all acquisition profiles in the system
list_assets: List all assets in the system
list_audit_logs: List audit logs from the AIR system
list_auto_asset_tags: List all auto asset tag rules in the system.
list_cases: List all cases in the system
list_drone_analyzers: List all drone analyzers in the system
list_e_discovery_patterns: List all e-discovery patterns for file type detection
list_organizations: List all organizations in the system
list_policies: List all policies in the system
list_repositories: List all evidence repositories in the system
list_tasks: List all tasks in the system
list_triage_rules: List all triage rules in the system
list_triage_tags: List all triage rule tags in the system
list_users: List all users in the system (2/5)
validate_amazon_s3_repository: Validate Amazon S3 repository configuration
validate_azure_storage_repository: Validate an Azure Storage repository configuration
validate_ftps_repository: Validate FTPS repository configuration without creating it (3/5)
validate_triage_rule: Validate a triage rule syntax without creating it
acquire_baseline: Assign a baseline acquisition task to specific endpoints (2/5)
add_note_to_case: Add a note to a specific case by its ID (2/5)
add_tags_to_assets: Add tags to specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`. (2/5)
add_tags_to_organization: Add tags to an organization (2/5)
archive_case_by_id: Archive a case by its ID (2/5)
assign_acquisition_task: Assign an evidence acquisition task to specific endpoints (2/5)
assign_image_acquisition_task: Assign a disk image acquisition task to specific endpoints and volumes (2/5)
assign_isolation_task: Assign an isolation task to specific endpoints (2/5)
assign_log_retrieval_task: Assign a log retrieval task to specific endpoints (2/5)
assign_reboot_task: Assign a reboot task to specific endpoints (2/5)
assign_shutdown_task: Assign a shutdown task to specific endpoints (2/5)
assign_triage_task: Assign a triage task to endpoints based on filter criteria (2/5)
assign_users_to_organization: Assign users to a specific organization (2/5)
assign_version_update_task: Assign a version update task to specific endpoints (2/5)
call_webhook: Call a webhook with the specified parameters (2/5)
change_case_owner: Change the owner of a case (2/5)
close_case_by_id: Close a case by its ID (2/5)
compare_baseline: Compare baseline acquisition tasks for a specific endpoint (2/5)
create_acquisition_profile: Create a new acquisition profile (2/5)
create_amazon_s3_repository: Create a new Amazon S3 repository for evidence storage (2/5)
create_auto_asset_tag: Create a new rule to automatically tag assets based on specified conditions for Linux, Windows, and macOS. (2/5)
create_azure_storage_repository: Create a new Azure Storage repository (2/5)
create_case: Create a new case in the system (2/5)
create_ftps_repository: Create a new FTPS evidence repository (4/5)
create_organization: Create a new organization (2/5)
create_policy: Create a new policy with specific storage and compression settings (3/5)
create_sftp_repository: Create a new SFTP evidence repository (4/5)
create_smb_repository: Create a new SMB evidence repository (3/5)
create_triage_rule: Create a new triage rule (2/5)
create_triage_tag: Create a new triage rule tag (2/5)
export_audit_logs: Initiate an export of audit logs from the AIR system (2/5)
export_case_activities: Export activities for a specific case by its ID (2/5)
export_case_endpoints: Export endpoints for a specific case by its ID (2/5)
export_case_notes: Export notes for a specific case by its ID (2/5)
export_cases: Export cases data from the system (2/5)
import_task_assignments_to_case: Import task assignments to a specific case (2/5)
open_case_by_id: Open a previously closed case by its ID (2/5)
post_webhook: Post data to a webhook (3/5)
update_amazon_s3_repository: Update an existing Amazon S3 repository (2/5)
update_auto_asset_tag: Update an existing auto asset tag rule. (2/5)
update_azure_storage_repository: Update an existing Azure Storage repository (2/5)
update_banner_message: Update the system banner message settings (2/5)
update_case: Update an existing case by ID (2/5)
update_ftps_repository: Update an existing FTPS evidence repository (4/5)
update_note_in_case: Update an existing note in a specific case (2/5)
update_organization_by_id: Update an existing organization by ID (2/5)
update_organization_deployment_token: Update the deployment token for a specific organization (2/5)
update_organization_shareable_deployment: Update an organization's shareable deployment settings (2/5)
update_policy: Update an existing policy with specific storage and filter settings (3/5)
update_policy_priorities: Update the priority order of policies (2/5)
update_sftp_repository: Update an existing SFTP repository (4/5)
update_smb_repository: Update an existing SMB repository by ID (3/5)
update_triage_rule: Update an existing triage rule by ID (2/5)
cancel_task_assignment: Cancel a task assignment by its ID (4/5)
cancel_task_by_id: Cancel a specific task by its ID (4/5)
delete_auto_asset_tag_by_id: Delete a specific auto asset tag rule by its ID (4/5)
delete_note_from_case: Delete a note from a case by its ID (4/5)
delete_organization: Delete an organization by its ID (4/5)
delete_policy_by_id: Delete a specific policy by its ID (4/5)
delete_repository: Delete an evidence repository by its ID (4/5)
delete_tags_from_organization: Delete specific tags from an organization (4/5)
delete_task_assignment: Delete a specific task assignment by its ID (4/5)
delete_task_by_id: Delete a specific task by its ID (4/5)
delete_triage_rule: Delete an existing triage rule by ID (4/5)
purge_and_uninstall_assets: Purge data and uninstall specific assets based on filters. Requires specifying `filter.includedEndpointIds`. (4/5)
remove_endpoints_from_case: Remove endpoints from a case based on specified filters (4/5)
remove_tags_from_assets: Remove tags from specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`. (4/5)
remove_task_assignment_from_case: Remove a specific task assignment from a case (4/5)
remove_user_from_organization: Remove a user from an organization (4/5)
uninstall_assets: Uninstall specific assets based on filters without purging data. Requires specifying `filter.includedEndpointIds`. (4/5)

The Binalyze AIR MCP Server exposes 116 tools across 4 categories: Read, Write, Destructive, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool (rate limits, argument validation, or deny rules), then run Intercept in front of the Binalyze AIR MCP Server.
Binalyze AIR MCP Server tools are categorised as Read (45), Write (53), Destructive (17), Execute (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept