Select the export option to export data collection for long-term retention or offline analysis.
You can export the data collection for long-term retention or offline analysis.
From the collections page, choose a search item from a hunt collection or the endpoint from a triage collection and click the export icon (). For export of all items, select the Export All option from the Exports button at the top of the Collections page.
Note
You can export a collection more than once.
To view the status of the export, click the Exports button.
The Investigation Exports table displays the status of the requested exports for the selected collection. The compressed export data expires from the bucket after 30 days.
Field | Description |
---|---|
Collection name | Displays the name of the triage or hunt. For triage, the endpoint name of the triaged host is displayed. |
Exported | Displays the time when the exported package was created (compressed). |
Exported by | Displays the name of the user who requested the export. |
Export expiration | Displays the timestamp of when the bucket data (compressed data) will be deleted. The timestamp changes to red after the timestamp and the last column shows Expired. |
Status | Indicates how many tables from the collections have been successfully exported to a bucket. |
Download button | Enables you to download the the compressed (zip) export of the collection. |
Bin icon | Enables you to delete the compressed export file. |