Downloading Data for Events and Devices

While RocketCyber is focused on the SOC reviewing events and creating incidents for the items that need your attention, there may be times where you need to download some of the elements from the views in the UI.

The new CSV/JSON download feature allows you to perform filter queries against the datasets, and then export the data in either CSV or JSON format.

blobid0.png

 

The download feature is available in the following locations:

  1. The “triage view” from each app on the dashboard (Review Events)
  2. Agents page
  3. Firewalls page

Once you request a download, you will receive the requested data set as downloadable links in an email. The email will be sent to the address you are currently logged in with. The links will be valid for one hour after the email is sent.

blobid2.png

 

Some things to know about this feature:

  1. Large downloads will be “chunked” into separate files to improve response times.

  2. By default, only 35 days of data are displayed and downloadable in the Events view. However, if you wish to download a wider date range, you can add the Detection Date filter in the Event views, select Add Filter, and then Search(Note- after adding a filter, the download button will be greyed out until you select Search, to ensure the query returns data)blobid1.png

  3. There may be situations where no data is displayed in the UI (e.g. date range does not contain the last 35 days), but the download will still contain the requested data.

  4. If there is no data available from your query, the body of the email will read “No results were found in the requested export. Please adjust your filters and try again”.

  5. Currently, the extractable data will be available for any events captured after March 2022. As we move forward, 365 days of data will be downloadable.

  6. The Event data downloads are compressed and delivered in .gz format, and will need to be extracted to view. Tools such as 7-zip can extract these files on Windows.

Please ensure that no-reply@rocketcyber.com is allowed in your email protection solution to ensure receipt of download emails.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us
Provide feedback for the Documentation team!