Air MCP
Skills
list_cases
List all cases in the system
list_tasks
List all tasks in the system
list_users
List all users in the system
create_case
Create a new case in the system
list_assets
List all assets in the system
update_case
Update an existing case by ID
call_webhook
Call a webhook with the specified parameters
export_cases
Export cases data from the system
post_webhook
Post data to a webhook
create_policy
Create a new policy with specific storage and compression settings
list_policies
List all policies in the system
start_tagging
Start the auto asset tagging process for assets matching filter criteria.
update_policy
Update an existing policy with specific storage and filter settings
get_case_by_id
Get detailed information about a specific case by its ID
get_case_users
Get all users associated with a specific case by its ID
get_task_by_id
Get detailed information about a specific task by its ID
get_user_by_id
Get detailed information about a specific user by their ID
check_case_name
Check if a case name is already in use
get_asset_by_id
Get detailed information about a specific asset by its ID
list_audit_logs
List audit logs from the AIR system
open_case_by_id
Open a previously closed case by its ID
acquire_baseline
Assign a baseline acquisition task to specific endpoints
add_note_to_case
Add a note to a specific case by its ID
close_case_by_id
Close a case by its ID
compare_baseline
Compare baseline acquisition tasks for a specific endpoint
get_policy_by_id
Get detailed information about a specific policy by its ID
list_triage_tags
List all triage rule tags in the system
uninstall_assets
Uninstall specific assets based on filters without purging data. Requires specifying `filter.includedEndpointIds`.
cancel_task_by_id
Cancel a specific task by its ID
change_case_owner
Change the owner of a case
create_triage_tag
Create a new triage rule tag
delete_repository
Delete an evidence repository by its ID
delete_task_by_id
Delete a specific task by its ID
download_case_ppc
Download a PPC file for a specific endpoint and task
export_audit_logs
Initiate an export of audit logs from the AIR system
export_case_notes
Export notes for a specific case by its ID
list_repositories
List all evidence repositories in the system
list_triage_rules
List all triage rules in the system
add_tags_to_assets
Add tags to specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
archive_case_by_id
Archive a case by its ID
assign_reboot_task
Assign a reboot task to specific endpoints
assign_triage_task
Assign a triage task to endpoints based on filter criteria
create_triage_rule
Create a new triage rule
delete_triage_rule
Delete an existing triage rule by ID
get_case_endpoints
Get all endpoints associated with a specific case by its ID
list_organizations
List all organizations in the system
update_triage_rule
Update an existing triage rule by ID
create_organization
Create a new organization
delete_organization
Delete an organization by its ID
delete_policy_by_id
Delete a specific policy by its ID
get_case_activities
Get activity history for a specific case by its ID
update_note_in_case
Update an existing note in a specific case
assign_shutdown_task
Assign a shutdown task to specific endpoints
download_task_report
Download a task report for a specific endpoint and task
get_case_tasks_by_id
Get all tasks associated with a specific case by its ID
get_report_file_info
Get information about a PPC file for a specific endpoint and task
get_repository_by_id
Get detailed information about a specific evidence repository by its ID
get_task_assignments
Get all assignments for a specific task by its ID
list_auto_asset_tags
List all auto asset tag rules in the system.
list_drone_analyzers
List all drone analyzers in the system
validate_triage_rule
Validate a triage rule syntax without creating it
assign_isolation_task
Assign an isolation task to specific endpoints
create_auto_asset_tag
Create a new rule to automatically tag assets based on specified conditions for Linux, Windows, and macOS.
create_smb_repository
Create a new SMB evidence repository
delete_note_from_case
Delete a note from a case by its ID
export_case_endpoints
Export endpoints for a specific case by its ID
get_asset_tasks_by_id
Get all tasks associated with a specific asset by its ID
get_comparison_report
Get comparison result report for a specific endpoint and task
get_triage_rule_by_id
Get a specific triage rule by its ID
update_auto_asset_tag
Update an existing auto asset tag rule.
update_banner_message
Update the system banner message settings
update_smb_repository
Update an existing SMB repository by ID
cancel_task_assignment
Cancel a task assignment by its ID
create_ftps_repository
Create a new FTPS evidence repository
create_sftp_repository
Create a new SFTP evidence repository
delete_task_assignment
Delete a specific task assignment by its ID
export_case_activities
Export activities for a specific case by its ID
get_organization_by_id
Get detailed information about a specific organization by its ID
get_organization_users
Get users for a specific organization by its ID
get_policy_match_stats
Get statistics on how many endpoints match each policy based on filter criteria
update_ftps_repository
Update an existing FTPS evidence repository
update_sftp_repository
Update an existing SFTP repository
assign_acquisition_task
Assign an evidence acquisition task to specific endpoints
remove_tags_from_assets
Remove tags from specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
add_tags_to_organization
Add tags to an organization
get_auto_asset_tag_by_id
Get details of a specific auto asset tag rule by its ID
update_policy_priorities
Update the priority order of policies
validate_ftps_repository
Validate FTPS repository configuration without creating it
assign_log_retrieval_task
Assign a log retrieval task to specific endpoints
list_acquisition_profiles
List all acquisition profiles in the system
list_e_discovery_patterns
List all e-discovery patterns for file type detection
update_organization_by_id
Update an existing organization by ID
assign_version_update_task
Assign a version update task to specific endpoints
create_acquisition_profile
Create a new acquisition profile
get_task_assignments_by_id
Get all assignments associated with a specific task by its ID
list_acquisition_artifacts
List all acquisition artifacts available for evidence collection
purge_and_uninstall_assets
Purge data and uninstall specific assets based on filters. Requires specifying `filter.includedEndpointIds`.
remove_endpoints_from_case
Remove endpoints from a case based on specified filters
create_amazon_s3_repository
Create a new Amazon S3 repository for evidence storage
delete_auto_asset_tag_by_id
Delete a specific auto asset tag rule by its ID
update_amazon_s3_repository
Update an existing Amazon S3 repository
assign_users_to_organization
Assign users to a specific organization
assign_image_acquisition_task
Assign a disk image acquisition task to specific endpoints and volumes
delete_tags_from_organization
Delete specific tags from an organization
get_acquisition_profile_by_id
Get details of a specific acquisition profile by its ID
get_shareable_deployment_info
Get shareable deployment information using a deployment token
remove_user_from_organization
Remove a user from an organization
validate_amazon_s3_repository
Validate Amazon S3 repository configuration
check_organization_name_exists
Check if an organization name already exists in the system
create_azure_storage_repository
Create a new Azure Storage repository
import_task_assignments_to_case
Import task assignments to a specific case
update_azure_storage_repository
Update an existing Azure Storage repository
remove_task_assignment_from_case
Remove a specific task assignment from a case
validate_azure_storage_repository
Validate an Azure Storage repository configuration
update_organization_deployment_token
Update the deployment token for a specific organization
update_organization_shareable_deployment
Update an organization's shareable deployment settings