Running the utility for preparing data for GosSOPKA

To run the utility for preparing data for GosSOPKA:

  1. Place the gossopka_alert_exporter.tar.gz archive on the Central Node server from which you want to get data.
  2. Log in to the management console of the relevant Central Node server over SSH or through a terminal.
  3. When the system prompts you, enter the administrator user name and the password that was specified during installation of the component.

    The application component administrator menu is displayed.

  4. In the application administrator menu, select Technical Support Mode.
  5. Press ENTER.

    This opens the Technical Support Mode confirmation window.

  6. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press ENTER.
  7. Run the following command:

    sudo -i

  8. Unpack the archive of the utility:

    tar -xzvf gossopka_alert_exporter.tar.gz

  9. If you want to get alert information, run the following command:

    python3 export_main.py -s <yyyy-mm-ddThh:mm:ss> -b <yyyy-mm-ddThh:mm:ss>

  10. If you want to get NDR alert and event information, run the following command:

    python3 export_main.py -s <yyyy-mm-ddThh:mm:ss> -b <yyyy-mm-ddThh:mm:ss> -c <path to communication data package>

The utility is run.

You can also specify one or multiple parameters for this command (see the table below).

Utility command line option description

| Required parameter | Parameter | Description |
|---|---|---|
| No | --help | Help page. |
| No | -m <id> | Vendor ID (module_id). The default value is 50. Before running the utility, you need to contact the GosSOPKA center to get the up-to-date ID assigned to Kaspersky. |
| Yes | -s <yyyy-mm-ddThh:mm:ss> | Start of the period for which you want to get information. |
| Yes | -b <yyyy-mm-ddThh:mm:ss> | End of the period for which you want to get information. |
| No | -o <path to directory> | Path to the directory in which the files will be saved. The default is /tmp. |
| Yes, if you want to get NDR event data | -c <name of communication data package, including the extension> | The file name of the communication data package (including the extension) obtained when creating the connector. |
| Yes, if you want to get NDR event data | -p <password of the communication data package> | The password of the communication data package that you specified when creating the connector. |
| No | -z <offset from UTC in minutes> | Offset from the UTC time zone in minutes. The default is 180 (+3 hours). |

Example command to run the utility with options:

python3 export_main.py -s 2025-01-01T00:00:00 -b 2025-05-23T00:00:00 -c test.zip -o /home/administrator/export

The utility places the following files in the selected directory:

A separate file is created for each detection or event. If the directory already contains a file with the same name, it is overwritten.
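
Because the default output directory is /tmp and files with the same name are overwritten, it can be useful to check the period and write each export into a fresh directory. The following wrapper is an added example, not part of the utility or of the original documentation; the function names are hypothetical, and it assumes it is run from the directory where export_main.py was unpacked.

```shell
#!/bin/sh
# Added example (not part of the utility): check the period and write the
# export into a fresh private directory instead of the default /tmp.

# Shape check for yyyy-mm-ddThh:mm:ss. It does not validate the calendar
# (for example, it accepts day 31 in any month).
valid_ts() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]T[0-2][0-9]:[0-5][0-9]:[0-5][0-9])
            return 0 ;;
        *)  return 1 ;;
    esac
}

# Fixed-width timestamps compare chronologically once separators are removed.
ts_key() { printf '%s' "$1" | tr -d 'T:-'; }

# True only if both timestamps are well-formed and start is before end.
period_ok() {
    valid_ts "$1" && valid_ts "$2" && [ "$(ts_key "$1")" -lt "$(ts_key "$2")" ]
}

# Create a new directory (mode 0700) under BASE, so files from an earlier
# run are not overwritten and only the invoking user can enter it.
new_outdir() {
    mkdir -p "$1" && mktemp -d "$1/export.XXXXXX"
}

# Usage: run_export START END BASE [further options from the table, e.g. -c test.zip]
run_export() {
    start=$1; end=$2; base=$3; shift 3
    period_ok "$start" "$end" || { echo "bad period: $start .. $end" >&2; return 2; }
    out=$(new_outdir "$base") || return 3
    echo "writing to $out" >&2
    python3 export_main.py -s "$start" -b "$end" -o "$out" "$@"
}

# Run only when called with arguments: START END BASE [options]
if [ "$#" -ge 3 ]; then run_export "$@"; fi
```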
