
Components

XDR Forensics is an on-premises or cloud-based, client-server solution that allows you to remotely perform various tasks on assets, such as collecting forensic evidence and performing threat hunts with YARA, Sigma, or osquery.

Management Console is a web-based application that can be viewed from any device with an up-to-date browser.

Assets are connected to the management console via a lightweight “passive” responder that can be deployed manually or via other mechanisms such as SCCM.

XDR Forensics responders:

  • DO NOT scan anything on the asset in a way that may cause slowdowns (as your antivirus does),
  • DO NOT block anything on the asset in a way that may cause false positives (as your DLP does),
  • DO NOT create any alerts that may cause “alert fatigue”.

What data is sent or received by Binalyze domains

For each domain, the data sent to the domain and the data received from it:

https://binalyze.com
  • Sent to domain: N/A
  • Received from domain: Version Information

https://license.binalyze.com
  • Sent to domain: License Key
  • Received from domain: License Status Details

https://api.binalyze.com
  • Sent to domain: Hash of PPC (Ref: [XDR Forensics] Timestamp PPC Files RFC-3161)
  • Received from domain: RFC-3161 Timestamp Token

https://cdn.binalyze.com
  • Sent to domain: N/A
  • Received from domain: Packages

https://one.binalyze.com
  • Sent to domain:
      FIS usage stats: Organization IDs, Case Id, License Key, CaseEventType, CaseEventTime, endpoint Id, Task Id. For example:
      "logId": 764149386100000, "type": "endpointTaskAddedToCaseEvent", "publishedDate": "2022-06-03T10:22:18.610Z", "data": { "caseId": "C-2022-0028", "endpointId": "2b2ea7b0-be61-445c-b735-ac1a9a39e448", "taskAssignmentId": "2b1d5b2c-72ac-4828-9a82-b3510ce9fd5a" }, "license": "LICENSE-KEY"
      Feature flags: License Key
      Usage analytics: Amplitude event structure
  • Received from domain:
      Feature flags: Feature flag states
      Usage analytics: N/A

https://cr.binalyze.com
  • Sent to domain: N/A
  • Received from domain: Binary Packages
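Two checks a network or privacy reviewer usually wants after reading this list: that the deployment only talks to the documented domains (exact host match, so look-alike or sub-domain hosts are flagged rather than trusted), and that a usage-stats event bound for one.binalyze.com carries only the documented fields. The script below is an added example written for this page, not Binalyze code; the proxy log format, the log lines and the extra "hostname" field in the sample event are constructed to show the checks firing.

```python
"""Egress audit for an XDR Forensics deployment (added example, not Binalyze code)."""
import json
from urllib.parse import urlsplit

# Documented destinations, taken from the domain list on this page.
DOCUMENTED_HOSTS = frozenset({
    "binalyze.com",
    "license.binalyze.com",
    "api.binalyze.com",
    "cdn.binalyze.com",
    "one.binalyze.com",
    "cr.binalyze.com",
})

# Keys of the documented FIS usage-stats event, top level and nested "data".
DOCUMENTED_EVENT_KEYS = frozenset({"logId", "type", "publishedDate", "data", "license"})
DOCUMENTED_DATA_KEYS = frozenset({"caseId", "endpointId", "taskAssignmentId"})


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL or a bare host:port string (CONNECT lines)."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname
    return (host or "").lower().rstrip(".")


def unexpected_destinations(log_lines):
    """Hosts contacted that are not in DOCUMENTED_HOSTS.

    Constructed log line format (assumption): <epoch> <client_ip> <method> <url> <status>.
    Comparison is exact: 'binalyze.com.attacker.example' is not 'binalyze.com'.
    """
    unexpected = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skipped, never treated as allowed
        host = host_of(parts[3])
        if host not in DOCUMENTED_HOSTS:
            unexpected.add(host)
    return unexpected


def undocumented_event_fields(event_json: str):
    """Return (top_level_extra, data_extra): keys not in the documented event schema."""
    event = json.loads(event_json)
    top_extra = set(event) - DOCUMENTED_EVENT_KEYS
    data = event.get("data", {})
    data_extra = set(data) - DOCUMENTED_DATA_KEYS if isinstance(data, dict) else set()
    return top_extra, data_extra


# Constructed sample proxy log lines (not real traffic); one look-alike host included.
SAMPLE_LOG = [
    "1654251738 10.0.0.21 CONNECT license.binalyze.com:443 200",
    "1654251739 10.0.0.21 GET https://cdn.binalyze.com/packages/responder.msi 200",
    "1654251740 10.0.0.22 CONNECT api.binalyze.com:443 200",
    "1654251741 10.0.0.22 CONNECT binalyze.com.attacker.example:443 200",
    "1654251742 10.0.0.23 CONNECT one.binalyze.com:443 200",
]

# The documented event shape from this page, plus one undocumented field ("hostname")
# added here to show the schema check detecting it.
SAMPLE_EVENT = json.dumps({
    "logId": 764149386100000,
    "type": "endpointTaskAddedToCaseEvent",
    "publishedDate": "2022-06-03T10:22:18.610Z",
    "data": {
        "caseId": "C-2022-0028",
        "endpointId": "2b2ea7b0-be61-445c-b735-ac1a9a39e448",
        "taskAssignmentId": "2b1d5b2c-72ac-4828-9a82-b3510ce9fd5a",
        "hostname": "ws-17",
    },
    "license": "LICENSE-KEY",
})

if __name__ == "__main__":
    print("unexpected hosts:", sorted(unexpected_destinations(SAMPLE_LOG)))
    print("undocumented fields:", undocumented_event_fields(SAMPLE_EVENT))
```

Feed `unexpected_destinations` your real proxy or DNS log (after adapting the column split to your format) and make the result empty before tightening the egress allow-list to exactly these six hosts; the schema check is useful when you capture a usage-stats payload at the proxy and want to confirm it matches what the vendor documents.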
