// MCP TOOL REFERENCE

BINALYZE AIR MCP SERVER TOOLS

116 tools from the Binalyze AIR MCP Server MCP Server, categorised by risk level.

View the Binalyze AIR MCP Server policy →
// ALL 116 BINALYZE AIR MCP SERVER TOOLS
READ 45 tools
Read check_case_name Check if a case name is already in use Read check_organization_name_exists Check if an organization name already exists in the system Read download_case_ppc Download a PPC file for a specific endpoint and task Read download_task_report Download a task report for a specific endpoint and task Read get_acquisition_profile_by_id Get details of a specific acquisition profile by its ID Read get_asset_by_id Get detailed information about a specific asset by its ID Read get_asset_tasks_by_id Get all tasks associated with a specific asset by its ID Read get_auto_asset_tag_by_id Get details of a specific auto asset tag rule by its ID Read get_case_activities Get activity history for a specific case by its ID Read get_case_by_id Get detailed information about a specific case by its ID Read get_case_endpoints Get all endpoints associated with a specific case by its ID Read get_case_tasks_by_id Get all tasks associated with a specific case by its ID Read get_case_users Get all users associated with a specific case by its ID Read get_comparison_report Get comparison result report for a specific endpoint and task Read get_organization_by_id Get detailed information about a specific organization by its ID Read get_organization_users Get users for a specific organization by its ID Read get_policy_by_id Get detailed information about a specific policy by its ID Read get_policy_match_stats Get statistics on how many endpoints match each policy based on filter criteria Read get_report_file_info Get information about a PPC file for a specific endpoint and task Read get_repository_by_id Get detailed information about a specific evidence repository by its ID Read get_shareable_deployment_info Get shareable deployment information using a deployment token Read get_task_assignments Get all assignments for a specific task by its ID Read get_task_assignments_by_id Get all assignments associated with a specific task by its ID Read get_task_by_id Get detailed information about a specific task by its ID Read get_triage_rule_by_id Get a specific triage rule by its ID Read get_user_by_id Get detailed information about a specific user by their ID Read list_acquisition_artifacts List all acquisition artifacts available for evidence collection Read list_acquisition_profiles List all acquisition profiles in the system Read list_assets List all assets in the system Read list_audit_logs List audit logs from the AIR system Read list_auto_asset_tags List all auto asset tag rules in the system. Read list_cases List all cases in the system Read list_drone_analyzers List all drone analyzers in the system Read list_e_discovery_patterns List all e-discovery patterns for file type detection Read list_organizations List all organizations in the system Read list_policies List all policies in the system Read list_repositories List all evidence repositories in the system Read list_tasks List all tasks in the system Read list_triage_rules List all triage rules in the system Read list_triage_tags List all triage rule tags in the system Read list_users List all users in the system Read validate_amazon_s3_repository Validate Amazon S3 repository configuration Read validate_azure_storage_repository Validate an Azure Storage repository configuration Read validate_ftps_repository Validate FTPS repository configuration without creating it Read validate_triage_rule Validate a triage rule syntax without creating it
WRITE 53 tools
Write acquire_baseline Assign a baseline acquisition task to specific endpoints Write add_note_to_case Add a note to a specific case by its ID Write add_tags_to_assets Add tags to specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`. Write add_tags_to_organization Add tags to an organization Write archive_case_by_id Archive a case by its ID Write assign_acquisition_task Assign an evidence acquisition task to specific endpoints Write assign_image_acquisition_task Assign a disk image acquisition task to specific endpoints and volumes Write assign_isolation_task Assign an isolation task to specific endpoints Write assign_log_retrieval_task Assign a log retrieval task to specific endpoints Write assign_reboot_task Assign a reboot task to specific endpoints Write assign_shutdown_task Assign a shutdown task to specific endpoints Write assign_triage_task Assign a triage task to endpoints based on filter criteria Write assign_users_to_organization Assign users to a specific organization Write assign_version_update_task Assign a version update task to specific endpoints Write call_webhook Call a webhook with the specified parameters Write change_case_owner Change the owner of a case Write close_case_by_id Close a case by its ID Write compare_baseline Compare baseline acquisition tasks for a specific endpoint Write create_acquisition_profile Create a new acquisition profile Write create_amazon_s3_repository Create a new Amazon S3 repository for evidence storage Write create_auto_asset_tag Create a new rule to automatically tag assets based on specified conditions for Linux, Windows, and macOS. Write create_azure_storage_repository Create a new Azure Storage repository Write create_case Create a new case in the system Write create_ftps_repository Create a new FTPS evidence repository Write create_organization Create a new organization Write create_policy Create a new policy with specific storage and compression settings Write create_sftp_repository Create a new SFTP evidence repository Write create_smb_repository Create a new SMB evidence repository Write create_triage_rule Create a new triage rule Write create_triage_tag Create a new triage rule tag Write export_audit_logs Initiate an export of audit logs from the AIR system Write export_case_activities Export activities for a specific case by its ID Write export_case_endpoints Export endpoints for a specific case by its ID Write export_case_notes Export notes for a specific case by its ID Write export_cases Export cases data from the system Write import_task_assignments_to_case Import task assignments to a specific case Write open_case_by_id Open a previously closed case by its ID Write post_webhook Post data to a webhook Write update_amazon_s3_repository Update an existing Amazon S3 repository Write update_auto_asset_tag Update an existing auto asset tag rule. Write update_azure_storage_repository Update an existing Azure Storage repository Write update_banner_message Update the system banner message settings Write update_case Update an existing case by ID Write update_ftps_repository Update an existing FTPS evidence repository Write update_note_in_case Update an existing note in a specific case Write update_organization_by_id Update an existing organization by ID Write update_organization_deployment_token Update the deployment token for a specific organization Write update_organization_shareable_deployment Update an organization's shareable deployment settings Write update_policy Update an existing policy with specific storage and filter settings Write update_policy_priorities Update the priority order of policies Write update_sftp_repository Update an existing SFTP repository Write update_smb_repository Update an existing SMB repository by ID Write update_triage_rule Update an existing triage rule by ID
DESTRUCTIVE 17 tools
Destructive cancel_task_assignment Cancel a task assignment by its ID Destructive cancel_task_by_id Cancel a specific task by its ID Destructive delete_auto_asset_tag_by_id Delete a specific auto asset tag rule by its ID Destructive delete_note_from_case Delete a note from a case by its ID Destructive delete_organization Delete an organization by its ID Destructive delete_policy_by_id Delete a specific policy by its ID Destructive delete_repository Delete an evidence repository by its ID Destructive delete_tags_from_organization Delete specific tags from an organization Destructive delete_task_assignment Delete a specific task assignment by its ID Destructive delete_task_by_id Delete a specific task by its ID Destructive delete_triage_rule Delete an existing triage rule by ID Destructive purge_and_uninstall_assets Purge data and uninstall specific assets based on filters. Requires specifying `filter.includedEndpointIds`. Destructive remove_endpoints_from_case Remove endpoints from a case based on specified filters Destructive remove_tags_from_assets Remove tags from specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `ta... Destructive remove_task_assignment_from_case Remove a specific task assignment from a case Destructive remove_user_from_organization Remove a user from an organization Destructive uninstall_assets Uninstall specific assets based on filters without purging data. Requires specifying `filter.includedEndpoi...
EXECUTE 1 tools
Execute start_tagging Start the auto asset tagging process for assets matching filter criteria.
// FAQ
How many tools does the Binalyze AIR MCP Server MCP server have? +

The Binalyze AIR MCP Server MCP server exposes 116 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Binalyze AIR MCP Server tools? +

Route the Binalyze AIR MCP Server server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do Binalyze AIR MCP Server tools fall into? +

Binalyze AIR MCP Server tools are categorised as Read (45), Write (53), Destructive (17), Execute (1). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.