Allow Exporting Search Data to CSV | Voters

Allow Exporting Search Data to CSV

complete

Jonathan Pilkington

Sometimes I want to be able to export data to a csv if there is a lot of data I have to look over. Allowing exporting all data of a query search would be helpful with this.

April 17, 2024

Chris Bisnett

marked this post as

complete

You can now export the results of your queries by using the dropdown menu from the SIEM search page. Selecting "Export Search" will generate a CSV file with up to 100,000 rows of data matching the query. You can also generate a shareable link that you can give to someone outside your organization who does not have access to the Huntress portal and they will be able to download the search results directly.
Selecting "View previous search exports" will show you a list of the previous exports and allow you to download or delete them.
We would love your feedback on this functionality and to know if you find it useful.

Chris Bisnett

marked this post as

planned

Chris Bisnett

Would something like the first 10,000 rows returned by the query be reasonable? Some queries could return gigabytes or terabytes of data and that wouldn't be ideal for reviewing in a CSV.

We will have a separate capability to export all data for a specified time range for things like taking your data somewhere else or when an incident happens and you need to provide data to the incident response team.

Jonathan Pilkington

Chris Bisnett I feel like that would be reasonable. Main thing is if there is an ongoing investigation of a incident I would need some way to share the data I am looking at.

Jonathan Pilkington

Forgot to mention reason for this is if say insurance got involved after a incident they might want log data from specific time periods. So basically a way to share data outside the org.