Indicators export settings
August 22, 2024
ID 199633
You can export indicators to a CSV file that will contain a subset of indicators (with extra context fields or without them) filtered by specified rules. This section explains how to create an export task and configure the data that must be included in the resulting file.
The Settings → Indicators export tab displays the Indicators export tasks list with existing export tasks and allows you to do the following:
- Add a new export task.
- Manage existing export tasks.
You can perform the following actions with existing export tasks:
- Edit existing export tasks.
- Delete existing export tasks.
- Configure the scheduled export tasks.
- Launch the export tasks.
Adding a new export task
To create a new export task:
- Click Add task.
The Add indicators export task window opens.
- In the Task properties section, specify the following settings for every field:
- Task name
The name of the export task.
- Maximum
You can specify the maximum number of indicators that can be included in the report.
The maximum possible value is
50000
. - Export every
Update frequency (in hours) for generating a report.
- Delimiter
The delimiter for splitting fields in the report file. By default, this value is
';'
.
- Task name
- In the Restrict access to indicators export report section, specify the following information for every field:
- Use authorization to download indicators export report
Specify this setting if you want to use authentication for limiting access to the indicators export file.
If this setting is used, specify the credentials:
- User name
User name for accessing the indicators export file.
This user name is intended only for access to a specific file and it is not the same as a Kaspersky CyberTrace user account.
- Password
Password for accessing the indicators export file.
- User name
- Use authorization to download indicators export report
- In the Fields to export section, specify filtering rules for the fields that you want to export.
Do any of the following:
- To add a new filtering rule, click the Add new filter button, and then define the following parameters:
- Field name
Name of the field to which filtering rules are applied and/or that must be exported.
- Condition
Filtering condition that is applied to the field.
- Value
Filtering criteria for the field. This value must meet the requirements described in the "Working with indicators" section.
- Include
Specify this setting if you want to include the field in the report file.
By default, this field must be included in the report file.
- Output name
Name of the output field that must contain the values from the exported field.
- Include column names
Specify this setting if you want to include column names in the report file.
- Quote fields
Specify this setting if you want to enclose the exported fields in quotation marks, or export the fields without quotation marks.
If you specify several filtering rules, they are applied simultaneously (the
AND
logical operator is used).In the CSV report file, output fields have the same order that you specify through Kaspersky CyberTrace Web.
- Field name
- To delete a filtering rule, click the button next to the required line.
- To add a new filtering rule, click the Add new filter button, and then define the following parameters:
- If necessary, specify the rules for sorting data in the Sort conditions section:
- Field name
Specify the field you want to sort.
- Sorting order
You can sort your values in ascending or descending order. This order is retained in the indicators export file.
When you add a data sorting rule, by default the sorting order is set to Descending.
- Field name
- Click Next.
The Export preview window opens. This window displays a table with an example of an indicators export.
- Click Add to apply the specified settings and add this task to the Indicators export tasks list.
If you want to change the setting specified in the previous step, click Back.
If you want to reset all the settings and close the window, click Cancel.
Managing an existing export task
To edit an existing export task:
- In the Indicators export tasks list, locate the task that you need, and then click Edit.
- Change the settings as described in the instructions above.
To delete an existing export task,
In the Indicators export tasks list, locate the task that you need, and then click Delete.
To enable a scheduled indicators export,
Click the Enable scheduled export task toggle switch.
If this setting is turned off, you cannot access the indicators export files that were created earlier.
To launch an export task,
In the Indicators export tasks list, locate the task that you need, and then click Launch export.
After that, the file with the exported indicators becomes available for download at the following address:
https://%CyberTrace_WebAddress%/ioc_exports/%iocexport_name%
where %iocexport_name%
is the name of the specified export task.