Binalyze AIR MCP Server
A Node.js server implementing Model Context Protocol (MCP) that enables natural language interaction with Binalyze AIR's digital forensics and incident response capabilities.
README
Binalyze AIR MCP Server
<p align="center"> <img src="./src/assets/bi-logo.png" alt="AIR Logo" width="180"/> </p>
A Node.js server implementing Model Context Protocol (MCP) for Binalyze AIR, enabling natural language interaction with AIR's digital forensics and incident response capabilities.
✨ Features
- Asset Management - List assets in your organization.
- Acquisition Profiles - List acquisition profiles.
- Organization Management - List organizations.
- Case Management - List cases in your organization.
- Policy Management - See security policies across your organization.
- Task Management - Track forensic collection tasks and their statuses.
- Triage Rules - View YARA, Osquery and Sigma rules for threat detection.
- User Management - List users in your organization.
Overview
This MCP server creates a bridge between Large Language Models (LLMs) and Binalyze AIR, allowing interaction through natural language. Retrieve information about your digital forensics environment without writing code or learning complex APIs.
🔑 API Token Requirement
Important: An API token is required for authentication. Set it using the
AIR_API_TOKENenvironment variable.
📦 Installation
Local Development
# Clone the repository
git clone https://github.com/binalyze/air-mcp
# Change to the project directory
cd air-mcp
# Install dependencies
npm install
# Build the project
npm run build
Usage with Claude Desktop
Add the following configuration to your Claude Desktop config file:
{
"mcpServers": {
"air-mcp": {
"command": "npx",
"args": ["-y", "@binalyze/air-mcp"],
"env": {
"AIR_HOST": "your-api-host.com",
"AIR_API_TOKEN": "your-api-token"
}
}
}
}
Usage with Cursor
- Navigate to Cursor Settings > MCP
- Add new MCP server with the following configuration:
{ "mcpServers": { "air-mcp": { "command": "npx", "args": ["-y", "@binalyze/air-mcp"], "env": { "AIR_HOST": "your-api-host.com", "AIR_API_TOKEN": "your-api-token" } } } }
🧩 Usage with Smithery
Note: Don't forget to activate Agent mode in your editor.
One-Line Installation Commands
Claude
npx -y @smithery/cli@latest install @binalyze/air-mcp --client claude --key {smithery_key}
Cursor
npx -y @smithery/cli@latest install @binalyze/air-mcp --client cursor --key {smithery_key}
Windsurf
npx -y @smithery/cli@latest install@rapidappio/rapidapp-mcp --client windsurf --key {smithery_key}
VSCode
npx -y @smithery/cli@latest install @binalyze/air-mcp --client vscode --key {smithery_key}
Or use the Magic Link option in VSCode.
How to Use
In Claude Desktop, or any MCP Client, you can use natural language commands:
| Command | Description |
|---|---|
List all assets in the system |
Shows all managed/unmanaged endpoints with OS, platform info |
List all acquisition profiles |
Displays available acquisition profiles |
List all organizations |
Shows all organizations in environments |
List all cases |
Displays cases with status and creation time |
List all policies |
Shows security and collection policies |
List all tasks |
Lists all tasks with their statuses |
List all triage rules |
Shows YARA and Sigma rules for threat detection |
List all users |
Shows all users in the system with their details |
Filtering by Organization
You can filter results by organization ID:
List all assets for organization 123
Show me all cases for organization 456
Get policies for organization 789
List tasks for organization 123
List triage rules for organization 123
List users for organization 123
Response Example
Found 3 assets:
a1b2c3d4: Win10-Workstation1 (Windows - Windows 10 Pro)
e5f6g7h8: Ubuntu-Server1 (Linux - Ubuntu 20.04)
i9j0k1l2: MacBook-Pro (macOS - macOS 12.3)
Found 3 triage rules: corewebshell_detection: core.webshell_detection (Engine: yara, Search In: both) fireeye-sunburst-countermeasures: FireEye Sunburst Countermeasures (Engine: yara, Search In: both) fireeye-red-team-tools-countermeasures: FireEye Red Team Tools Countermeasures (Engine: yara, Search In: both)
Found 1 user:
DtmrCWrK1o7m0bqVasdzg6Ia: demo@binalyze.com (demo@binalyze.com)Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.