Export - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-05-15
Category
Administrator Guide
Abstract

Select the export option to export data collection for long-term retention or offline analysis.

You can export the data collection for long-term retention or offline analysis.

From the collections page, choose a search item from a hunt collection or the endpoint from a triage collection and click the export icon (forensics_export_icon.png). For export of all items, select the Export All option from the Exports button at the top of the Collections page.

Note

You can export a collection more than once.

To view the status of the export, click the Exports button.

The Investigation Exports table shows the status of the requested exports for the selected collection. The compressed export data expires from the bucket after 30 days.

Field

Description

Collection name

Shows the name of the triage or hunt. For triage, the endpoint name of the triaged host is displayed.

Exported

Shows the time when the exported package was created (compressed).

Exported by

Shows the name of the user who requested the export.

Export expiration

Shows the timestamp of when the bucket data (compressed data) will be deleted.

The timestamp changes to red after the timestamp and the last column shows Expired.

Status

The progress indicates how many tables from the collections have been successfully exported to a bucket.

Download button

Enables you to download the the compressed (zip) export of the collection.

Bin icon

Enables you to delete the compressed export file.