Indicators export settings

You can export indicators to a CSV file that will contain a subset of indicators (with extra context fields or without them) filtered by specific rules. This section explains how to create an export task and configure the data that must be included in the resulting file.

This feature can be disabled due to restrictions imposed by the licensing level.

The Settings → Indicators export page displays the list of existing export tasks. To access this page, you need to switch to the System management mode. This mode is accessible only to users with the Administrator role.

The Indicators export page allows you to do the following:

• Add a new export task.
• Manage existing export tasks.

  You can perform the following actions with existing export tasks:

  • Edit existing export tasks.
  • Delete existing export tasks.
  • Configure the scheduled export tasks.
  • Launch the export tasks.

Adding a new export task

To add an export task:

1. Click Add task.

   The Add indicators export task window opens.

2. In the Task properties section, specify the following settings for every field:
   • Task name

     The name of the export task.

   • Maximum records

     You can specify the maximum number of indicators that can be included in the report.

     The maximum possible value is 1000000.

     The default value is 50000.

   • Export every

     Update frequency (in hours) for generating a report. By default, the value is 24 hours.

   • Delimiter

     The delimiter for splitting fields in the report file. By default, this value is ';'.

3. In the Filtering rules section, specify filtering rules for the fields that you want to export.

   Do any of the following:

   • To add a new filtering rule, click the Add rule button, and then define the following parameters:
     • Field name

       Name of the field to which filtering rules are applied and/or that must be exported.

     • Condition

       Filtering condition that is applied to the field.

       For exporting indicators, you can set up the floating time range from the current date to some previous date. Select the Range from current date to days ago condition and enter the value of 1 to 365. For example, if you specify 5 as a value for this condition for a daily export of indicators, each day the indicators will be exported for the period of the last 5 days to the current date.

     • Value

       Filtering criteria for the field. This value must meet the requirements described in the "Working with indicators" section.

     • Export this field

       Enable this toggle switch if you want to include the field in the report file.

       By default, this field is not included in the report file.

     • Output field name

       Name of the output field that must contain the values from the exported field.

     • Include column names

       Specify this setting if you want to include column names in the report file.

     • Quote fields

       Specify this setting if you want to enclose the exported fields in quotation marks ("), or export the fields without quotation marks. The field values may not be exported correctly if they are not enclosed in quotation marks (").

     If you specify several filtering rules, they are applied simultaneously (the AND logical operator is used).

     In the CSV report file, output fields have the same order that you specify through Kaspersky CyberTrace Web.

   • To delete a filtering rule, click the button next to the required line.
4. If necessary, specify the rules for sorting data in the Sorting conditions section.

   Do any of the following:

   • To add a new sorting condition, click the Add sorting condition button, and then define the following parameters:
     • Field name

       Specify the field you want to sort.

     • Sorting order

       You can sort your values in ascending or descending order. This order is retained in the indicators export file.

       When you add a data sorting rule, by default the sorting order is set to Ascending.

     If you specify several sorting conditions, they are applied simultaneously (the AND logical operator is used).

   • To delete a sorting condition, click the button next to the required line.
5. In the Restrict access to indicators export report section, specify the following information:
   • Use authorization to download indicators export report

     Enable this toggle switch if you want to limit access to the indicators export file.

     If this setting is used, specify the credentials:

     • User name

       User name for accessing the indicators export file.

       This user name is intended only for access to a specific file and it is not the same as a Kaspersky CyberTrace user account.

     • Password

       Password for accessing the indicators export file.

6. Click Next.

   The export preview window opens. This window displays a table with an example of an indicators export.

7. Click Add to apply the specified settings.

   If you want to change the settings specified in the previous step, click Back.

   If you want to reset all the settings and close the window, click Cancel.

The new task is added to the list of indicators export tasks.

Managing an existing export task

To edit an existing export task:

1. In the list of indicators export tasks, click the (Edit) button next to the task that you want to edit.
2. Change the settings as described in the instructions above.

The edited task is displayed in the list of indicators export tasks.

To delete an existing export task:

1. In the list of indicators export tasks, click the (Delete) button next to the task that you want to delete.
2. In the confirmation window that opens, click the Delete button.

The deleted task disappears from the list of indicators export task.

To enable a scheduled export task,

In the list of indicators export tasks, enable the toggle switch in the Status column for the task that you want to enable.

If this setting is turned off, you cannot access the indicators export files that were created earlier.

To launch an export task manually,

In the list of indicators export tasks, click the Launch now button next to the task that you want to launch.

After that, the file with the exported indicators becomes available for download at the following address:

https://%CyberTrace_WebAddress%/ioc_exports/%iocexport_name%

where %iocexport_name% is the name of the specified export task.

Page top