Support

Support for business applications

Kaspersky CyberTrace

Administrator guides

Managing Kaspersky CyberTrace Web

Indicators export settings
Kaspersky CyberTrace
Нет результатов
Online Help
FAQ System requirements Download Contact support Recovery tools Product videos

Indicators export settings

April 11, 2024

ID 199633

You can export indicators to a CSV file that will contain a subset of indicators (with extra context fields or without them) filtered by specified rules. This section explains how to create an export task and configure the data that must be included in the resulting file.

The SettingsIndicators export tab displays the Indicators export tasks list with existing export tasks and allows you to do the following:

  • Add a new export task.
  • Manage existing export tasks.

    You can perform the following actions with existing export tasks:

    • Edit existing export tasks.
    • Delete existing export tasks.
    • Configure the scheduled export tasks.
    • Launch the export tasks.

Adding a new export task

To create a new export task:

  1. Click Add task.

    The Add indicators export task window opens.

  2. In the Task properties section, specify the following settings for every field:
    • Task name

      The name of the export task.

    • Maximum

      You can specify the maximum number of indicators that can be included in the report.

      The maximum possible value is 50000.

    • Export every

      Update frequency (in hours) for generating a report.

    • Delimiter

      The delimiter for splitting fields in the report file. By default, this value is ';'.

  3. In the Restrict access to indicators export report section, specify the following information for every field:
    • Use authorization to download indicators export report

      Specify this setting if you want to use authentication for limiting access to the indicators export file.

      If this setting is used, specify the credentials:

      • User name

        User name for accessing the indicators export file.

        This user name is intended only for access to a specific file and it is not the same as a Kaspersky CyberTrace user account.

      • Password

        Password for accessing the indicators export file.

  4. In the Fields to export section, specify filtering rules for the fields that you want to export.

    Do any of the following:

    • To add a new filtering rule, click the Add new filter button, and then define the following parameters:
      • Field name

        Name of the field to which filtering rules are applied and/or that must be exported.

      • Condition

        Filtering condition that is applied to the field.

      • Value

        Filtering criteria for the field. This value must meet the requirements described in the "Working with indicators" section.

      • Include

        Specify this setting if you want to include the field in the report file.

        By default, this field must be included in the report file.

      • Output name

        Name of the output field that must contain the values from the exported field.

      • Include column names

        Specify this setting if you want to include column names in the report file.

      • Quote fields

        Specify this setting if you want to enclose the exported fields in quotation marks, or export the fields without quotation marks.

      If you specify several filtering rules, they are applied simultaneously (the AND logical operator is used).

      In the CSV report file, output fields have the same order that you specify through Kaspersky CyberTrace Web.

    • To delete a filtering rule, click the Delete button. button next to the required line.
  5. If necessary, specify the rules for sorting data in the Sort conditions section:
    • Field name

      Specify the field you want to sort.

    • Sorting order

      You can sort your values in ascending or descending order. This order is retained in the indicators export file.

      When you add a data sorting rule, by default the sorting order is set to Descending.

  6. Click Next.

    The Export preview window opens. This window displays a table with an example of an indicators export.

  7. Click Add to apply the specified settings and add this task to the Indicators export tasks list.

    If you want to change the setting specified in the previous step, click Back.

    If you want to reset all the settings and close the window, click Cancel.

Managing an existing export task

To edit an existing export task:

  1. In the Indicators export tasks list, locate the task that you need, and then click Edit.
  2. Change the settings as described in the instructions above.

To delete an existing export task,

In the Indicators export tasks list, locate the task that you need, and then click Delete.

To enable a scheduled indicators export,

Click the Enable scheduled export task toggle button.

If this setting is turned off, you cannot access the indicators export files that were created earlier.

To launch an export task,

In the Indicators export tasks list, locate the task that you need, and then click Launch export.

After that, the file with the exported indicators becomes available for download at the following address:

https://%CyberTrace_WebAddress%/ioc_exports/%iocexport_name%

where %iocexport_name% is the name of the specified export task.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.