Data Export

Updated 2 months ago by Sachit Soni

Introduction

There are two ways to get data in and out of the platform: Station (Front-End) or the REST API.

Front-end

Manual Extractions
Please look at download options (screenshots)
  • Option 1: This allows the user to export ALL correlated indicators shown in the constellation graph view. Currently these can only be exported in CSV format. To export all indicators in a visual analysis, click the download button at the top of the constellation.
  • Option 2 (IOC list): After filtering down to the relevant IOCs to export, navigate to the top right of the page to export a CSV containing all of the IOCs that meet the filter criteria. This CSV will provide the following context for each IOC:
  • Option 3 (Report): The three dots in the left-hand panel provide a file that has indicators from your selected report and all data sources from the graph, including intel reports, correlated reports, and community reports. Download options: FIREEYE TAP, JSON, STIX, TXT
Note: Each format uses a different report export template, so the context included in the export depends on the format selected.

Attached is an export of each file type for this example report:

JSON

  • The user will receive an export containing the following details:
    • Report ID: unique identifier generated by the platform for each report
    • Creation timestamp: indicates when the platform created the report
    • Report title
    • timeBegan timestamp: the time provided by the user when submitting a report. If the user doesn't provide a time, the Creation timestamp is used.
    • Status: shows whether the report has been fully Processed
    • Report body
    • Submission source (API or Web)
    • List of extracted IOCs with type and value of each IOC
  • report-ab7f60fa-0f11-4ebf-baf5-bed8dc0005fd.json

STIX

TXT

FIREEYE TAP

API Report Extraction

Note: IOC data can also be exported in an automated fashion via the REST API. This allows users to pull the latest reports and indicators at regular intervals if desired.

