(Asynchronous) Incident Export

Asynchronous Incident Export allows you to export data on selected incidents on the Incidents page without interfering with your workflow. While the export is in progress you are free to navigate through or leave the application without disrupting the process. Once the export is complete, a link is provided to download the two .csv files. This link is active for 24 hours.

Incident Data .csv

The following categories are included in the .csv export of incidents:

  • Platform
  • Object
  • Type
  • Owner (with exceptions)
  • Status
  • Detection Time and Date
  • Severity
  • Policy
  • Number of Matches
  • Incident ID
  • Vendor ID
  • Entity URL (where applicable)

Match Data .csv

  • Incident ID
  • Field
  • Excerpt

Limitations

  • exports are limited to 50,000 incidents
  • the link for the download is only accessible for 24 hours

(Asynchronous) Incident Export


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.