Export incidents on demand to your external cloud storage.
You can export incidents on demand, choosing all incidents older than a specified time range.
Danger
Before exporting incidents, you must have an external cloud storage solution configured. For more information, see Configure access to external storage.
Note
The Export Now button is only enabled if there is no active export in progress. You cannot run multiple exports at the same time.
You can only export incidents that are older than one month.
The first time incidents are exported, the process may take multiple days or weeks, depending on the number of incidents and the amount of data. The previous export must be completed before the system begins another export.
Go to → → → .
Click Export Now.
Choose an existing external storage option from the dropdown.
Enter the relative path where the data is stored. For example, if the data is stored in the export_incidents top-level folder in an Amazon S3 bucket, the relative path is export_incidents.
Select the time range for incident export. For example, if you select three months, all incidents created more than three months ago are exported. The minimum value is one month.
Select whether to Include incident attachments.
Click Export.
Note
To stop an existing export process, you must make a POST request to the API endpoint: /xsoar/exdelete-incidents/job/abort.
If an export fails, the Instance Admin receives an email notification. To enable or disable notification settings, click on your username and select → → → .
Once an incident has been exported, it is not exported again, even if it remains in the system and is modified after the export.