Data Export

Scoped Exports

From any dashboard, identify the visualisation that holds the data you're looking to export.

Select "Inspect" from the three dots on the top right of the visualisation.

Then choose either Download CSV and select either "Formatted CSV" for formatted exports, or "Raw CSV" for unformatted exports.

Large Exports

In the event of an audit or a requirement for more data than a dashboard offers, an entire index can be exported with an optional filter over the documents.

Access portal.threatdefence.io, and go to "My Tenants > Data Export".

From this screen, select the index pattern for export from "Select Index", and optionally enter a query into the "Enter DB query" field. Queries can be determined in Console to determine the filtering (e.g. limiting to a single host: source.ip: 192.168.0.1).

After the export completes, which may take a while depending on the scale of data selected, the download will be available as a .jsonl.gzip. This file can be opened by most desktop applications that can handle zip files.

Having Trouble?

If you're experiencing any issues with user management, please open a request via the support portal, or email our support email at "[email protected]" and our team will assist you.