Exporting events to a file

Exporting events when connected to the Server through the web interface

When connected to the Server through the web interface, you can export information about events (and incidents) to CSV and JSON files.

You can perform an export to CSV and JSON files for all events that satisfy the current filter and search settings, or selectively for events displayed in the table.

To export information about all events that satisfy the current filter and search settings:

  1. Select the Events section.
  2. Click the Export link in the toolbar to open the menu for selecting the format of the saved file.
  3. In the opened window, select the relevant file format option: file in CSV format or file in JSON format.

    The file creation process starts.

  4. If it takes a long time (more than 15 seconds) to create the file, the file creation operation is transferred to the list of background operations. In this case, to download the file:
    1. Click the button in the menu of the application web interface.

      The list of background operations appears.

    2. Wait for the file creation operation to finish.
    3. Click the Download file button.

Your browser will save the downloaded file. Depending on the browser you are using, your screen may show a window in which you can change the path and name of the saved file.

To export information about selected events:

  1. Select the Events section.
  2. In the events table, select the events whose information you want to export to a file.

    After you select events, the details area opens in the right part of the web interface window.

  3. Click the relevant part of the Export to: button indicating the necessary file format: CSV file or JSON file.

    The file creation process starts. If it takes a long time (more than 15 seconds) to create the file, perform the necessary actions for step 4 as described in the procedure for exporting information about all events.

Exporting events using the export utility

In Kaspersky Industrial CyberSecurity for Networks 3.0.1, you can use an event export utility to export events and incidents to XML files. This utility is designed for use on computers running the Astra Linux SE 1.6 operating system. The file used for running the export-xml utility is included in the distribution kit of Kaspersky Industrial CyberSecurity for Networks 3.0.1.

The event export utility saves files containing information about events and incidents in the specified folder. Information about each event or incident is saved as a separate file whose name indicates the ID of the event or incident. A file contains all available information about an event or incident, including service information from the database (such as information about devices associated with events).

You can use the event export utility to export all events and incidents that were registered during the specified time interval.

The event export utility connects to the application Server through a connector that must be added to the application in advance.

To prepare the application to use the event export utility:

  1. In the application, add the connector that will be used by the event export utility to connect to the application Server. Specify the Generic system type for the connector.
  2. On the computer where the utility will be used, create a folder for saving the exported files. This folder can be a specially created folder for saving files to a network resource.
  3. Copy the file used for running the export-xml utility from the distribution kit of Kaspersky Industrial CyberSecurity for Networks 3.0.1 to the computer.
  4. Go to the folder containing the export-xml file and enter the following command to provide permissions to run the file:

    sudo chmod +x ./export-xml

  5. If the communication data package obtained at step 1 is absent from the computer where the utility will be used, copy this file to the computer (for example, to the folder that contains the export-xml file).

To export event information using the event export utility:

  1. On the computer where the utility will be used, open the operating system console and go to the folder containing the export-xml file.
  2. Enter the following command in the command line:

    ./export-xml -p <connector certificate access password> \
    -c <path to communication data package> \
    -f <event registration period start date and time> \
    -t <event registration period end date and time> \
    -d <name of folder for saving files> \
    -m <application vendor ID> \
    -i <application instance ID> \
    -z <UTC relative time offset>

    where:

    • <connector certificate access password> is the password that was defined when adding the connector that is used by the event export utility to connect to the application Server (mandatory parameter).
    • <path to communication data package> is the full path and name of the communication data package that was created when adding the connector that is used by the event export utility to connect to the application Server (mandatory parameter).
    • <event registration period start date and time> and <event registration period end date and time> are the start and end date and time of the period of registration of events that will be exported (mandatory parameters). Value format: YYYY-MM-DDThh:mm:ss (for example: 2021-05-23T13:45:21).
    • <name of folder for saving files> is the full path to the folder where exported files will be saved (mandatory parameter).
    • <application vendor ID> is an identifier in the range 0–9999 representing the application vendor (55 by default).
    • <application instance ID> is an identifier in the range 0–9999 representing the application instance (1 by default).
    • <UTC relative time offset> is a positive or negative offset relative to UTC time for the defined boundaries of the event registration period expressed in minutes (180 minutes by default, which corresponds to a positive offset of 3 hours).

      Example:

      ./export-xml -p Password1234 -c ./connectorXML.zip -f 2021-05-23T13:45:21 -t 2021-05-23T14:45:21 -d ./output -i 12

    After the utility finishes, verify that the files of exported events are located in the specified folder.
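The export procedure above, wrapped in a script that validates the documented value formats before calling the utility. This is an added example, not part of the Kaspersky distribution kit: the function names and the script name export-wrapper.sh are hypothetical, and it assumes export-xml is in the current folder.

```sh
#!/bin/sh
# Added example: hypothetical wrapper around ./export-xml. Function names are illustrative.

valid_ts() {      # YYYY-MM-DDThh:mm:ss, exactly 19 characters
    [ "${#1}" -eq 19 ] && printf '%s\n' "$1" | grep -Eq \
'^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]$'
}

valid_id() {      # instance or vendor ID: digits only, 0-9999
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 4 ]
}

valid_offset() {  # UTC offset in whole minutes, optionally negative
    case "${1#-}" in ''|*[!0-9]*) return 1 ;; esac
}

check_args() {    # <from> <to> <instance-id> <offset>; distinct code per failure
    valid_ts "$1" && valid_ts "$2" || return 2
    expr "$1" \< "$2" >/dev/null || return 3   # same-format timestamps sort as text
    valid_id "$3" || return 4
    valid_offset "$4" || return 5
}

run_export() {    # <package> <from> <to> <outdir> [instance-id] [offset-minutes]
    pkg=$1 from=$2 to=$3 out=$4 inst=${5:-1} off=${6:-180}
    check_args "$from" "$to" "$inst" "$off" || { echo "invalid arguments ($?)" >&2; return 2; }
    [ -r "$pkg" ] || { echo "cannot read $pkg" >&2; return 2; }
    # Exported files carry database service information: a newly created
    # output folder is made accessible to its owner only.
    ( umask 077 && mkdir -p "$out" ) || return 1
    # Prompt instead of typing the password into shell history. It is still
    # visible in the process list while export-xml runs.
    printf 'Connector certificate password: ' >&2
    stty -echo 2>/dev/null; IFS= read -r pw; stty echo 2>/dev/null; echo >&2
    ./export-xml -p "$pw" -c "$pkg" -f "$from" -t "$to" -d "$out" \
                 -i "$inst" -z "$off" || return 1
    find "$out" -type f | wc -l    # number of files now in the output folder
}

# Runs only when arguments are supplied, e.g.:
#   ./export-wrapper.sh ./connectorXML.zip 2021-05-23T13:45:21 2021-05-23T14:45:21 ./output 12
[ "$#" -eq 0 ] || run_export "$@"
```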
