Search and Export Data from the Security Data Lake
- 12 Nov 2024
- 1 Minute to read
- PDF
Search and Export Data from the Security Data Lake
- Updated on 12 Nov 2024
- 1 Minute to read
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The Security Data Lake Export page enables you to quickly view and export your data stored in the Security Data Lake.
This is useful for security practitioners who need to download data to fulfill audit or investigation requests, or quickly locate sample records to validate that data collection is working as expected.
Navigate to the Export page
From the navigation menu, under Your Environment, expand Security Data Lake and click Export.
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(327).png")
Overview of the Export page
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(329).png")
The process for exporting Security Data Lake data is simple:
Search: Find the data you want by filtering by integration and date/time range.
View: Review the preview data.
Export: Download the results.
Search
To find the data you want in the Security Data Lake, narrow down your search by filtering for specific integrations and/or time ranges. By default, all integrations are selected, and the date/time range is set to the last 15 minutes.
To filter your search by integration:
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(331).png")
Click the filter button.
Select the desired integration (or integrations) from the Integration dropdown.
Click Apply Filters.
To filter your search by date and time range:
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(334).png")
Click the date/time range dropdown.
Select the desired date/time range, or click Custom Range to select specific starting and ending dates/times.
View
Search results are displayed on-screen so you can review them before initiating an export. Up to 50 records are displayed in this preview mode.
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(335).png")
The Integration field shows the name of the data source from which this record was ingested.
The Time of Ingestion field shows the date and time when this record was ingested and processed by Red Canary.
The Data field shows the raw text of the record as sent by the source system.
By default, only the first few lines of the raw record are displayed. Click the Expand button to see the full record.
Export
Because the amount of data included in an export search can be quite large, a download link is generated and sent to your email on request.
To generate an export request:
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(336).png")
Click the Download button.
Choose the maximum size of the download to generate. If the number of records that match the search criteria exceed that amount, the results will be truncated. This is to help ensure that the export file is not too large to successfully download.
In the background, the raw data that matches the search criteria will be compiled into a comma-separated values (CSV) file. When it is ready, you will receive an email notification.
.png?sv=2022-11-02&spr=https&st=2024-11-14T16%3A54%3A09Z&se=2024-11-14T17%3A04%3A09Z&sr=c&sp=r&sig=kpJmEwRpTM5B5avba7bUWJ9mLHrvjAElQj%2FmqAdg5dQ%3D "image(354).png"){kind=small}
Was this article helpful?
