You can export data from Cisco Vulnerability Management using either the API or the UI.
Exporting Data from the API
Exporting data from the API is asynchronous. You can use the Data Exports section in the Kenna API to:
- Request a data export
- Check the status of a running export
- Kill an export request
- Retrieve the final export
You must specify the format of the data, including the model type (asset, fix, or vulnerability), and data format (json, jsonl, xml). When you export vulnerabilities, you can include details about the vulnerabilities, and solutions for the vulnerabilities. Also, you can request all your data or a subset of your data by adding search parameters, and you can pick which fields are returned in asset and vulnerability exports. For more information about retrieving data, see the API documentation. For an example, see the Python code here.
Incremental exports via the API
If you have an environment with a large number of assets, it might be burdensome to continuously export and download large data files. Thankfully, Cisco Vulnerability Management provides the capability to export only the delta of records that have changed recently. For more information, see the blog post or our training playlist. The API parameters are available in our API documentation.
API Export Limitations
If you expect that your export has a large amount of data, use the API export because it has no hard limit. The number of entries returned is dependent on the entry size, the number of entries in the request, and how busy the analytics engine is. We approximate the limit to be around 100M entries.
Export Data from the UI
It's easy to export data to a CSV file.
To Export Assets or Fixes
- Click VM > Explore.
- Click the Assets or Fixes tab.
- Do one of the following:
* Use the filter options to reduce the amount of data to export and then scroll down to the bottom of the Search panel on the right-side of the page.
* To export all items on the page, scroll down to the bottom of the Search panel on the right-side of the page.
- Click Export this view.
- Click CSV.
To Export Vulnerabilities
- Click VM > Explore.
- Click the Vulnerabilities tab.
- Do one of the following:
* Use the filter options to reduce the amount of data to export and then scroll down to the bottom of the Search panel on the right-side of the page.
* To export all items on the page, scroll down to the bottom of the Search panel on the right-side of the page.
- Click Export this view. Vulnerability exports will be processed in the background, and you will receive an email with a link to extract the file once the export has completed.
- Depending on the features you have enabled on your account, you can click on one or more options:
* CSV: This is the default export option.
* CSV with details: The CX team can enable this option by request. This option allows you to have your scanner details included in the export.
* CSV with solutions: The CX team can enable this option by request. This option allows you to have your scanner solution information included in the export.
* CSV with details and solutions: When you have the options for details and solutions enabled, you can have them both included in one CSV export.
To export Findings
- Click AppSec > Explore.
- Do one of the following:
* Use the filter options to reduce the amount of data to export and then scroll down to the bottom of the Search panel on the right-side of the page.
* To export all items on the page, scroll down to the bottom of the Search panel on the right-side of the page.
- Click Export this view.
- Click CSV.
To export Top Fixes
- Click VM > Dashboard.
- In the risk meter that you want to export the top fixes for, click Top Fixes.
- At the top of the screen, select the Top Fix Group that you want to export the top fixes for.
- Click Export CSV, and choose to export the chosen Group, or All Top Fix Groups.
- Do one of the following:
* In the banner that displays at the top of the screen, click View My Exports, and then click the download icon in the Action column of the Exports table.
* Wait until you receive an email from Kenna, and click the Download CSV Export link.
Viewing Export Status
To view a list of all export jobs and their status, go to VM > Activity.
This will open up a page listing all exports and the following information:
- Status
- Export ID
- Type UI/API
- Source Asset/Vulnerability/Fix
- Time requested in GMT
- Time completed in GMT
- Record Count
To download the export files, click on the file icon in the “Action” column.
UI Export Limitations
CSV exports from the UI are either synchronous, in which case the file downloads immediately, or asynchronous, in which case you receive an email link that allows you to extract a gzipped CSV file. Smaller asset exports are synchronous and download as a CSV file with a limit of 100 K entries. Any export of fixes, and any large vulnerability export, is asynchronous and downloads in gzip format with a limit of 500 K entries. Any export of assets is limited to 100 K entries when downloaded from the UI and downloads immediately in the browser as a CSV file. To increase the UI asset export limit to 4 M entries, contact your CX representative. The increase changes the download behavior: the export request is processed in the background and delivered as a gzipped CSV file. The increase does not affect how fixes and vulnerabilities are exported from the UI.
Extracting CSV Data from a Gzip or .gz File
Depending on the size of the export, data exported from the UI may come in a gzip file. Data exported from the API will be in the .gz format. The .gz format is used because it works most efficiently to stream data from connector runs to an exportable download. You will need a program to unzip .gz files to view the results of the download. Windows does not come preinstalled with a program to do this, so if you are a Windows user, you will need to find a program that suits your company and environment. Some popular programs include WinZip, WinRAR, and 7-Zip.
When exporting data from the API, we recommend that you use the following curl command when obtaining gzip data.
curl --request GET \
  --url https://api.kennasecurity.com/data_exports \
  --header 'Accept: application/gzip' \
  --header 'X-Risk-Token: abcdefgh8ijklmnopqrstuvwxyz26' \
  --output downloads/kenna_data.gzip
After the data is downloaded into the specified file, it will need to be unzipped to be readable.
You can see a Python example in the Acquiring Vulnerabilities per Asset blog, Exporting Asset Data section.
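The following is an added example, not part of the original article or Cisco's own code: a Python reader that checks a downloaded export before parsing it, because curl without --fail saves an HTTP error body under the same --output name and an interrupted transfer leaves a cut-off gzip stream. The file names, column names, and sample values are constructed for the example.

```python
import csv
import gzip
import os
import tempfile

GZIP_MAGIC = b"\x1f\x8b"  # every gzip stream starts with these two bytes


def iter_export_rows(path):
    """Stream rows from a gzipped CSV export, rejecting non-gzip or cut-off files."""
    with open(path, "rb") as raw:
        head = raw.read(120)
    if head[:2] != GZIP_MAGIC:
        # curl without --fail writes an HTTP error body to --output as-is
        raise ValueError(f"not gzip data, file starts with {head!r}")
    try:
        with gzip.open(path, "rt", encoding="utf-8", newline="") as text:
            yield from csv.DictReader(text)
    except (EOFError, gzip.BadGzipFile) as exc:
        raise ValueError(f"truncated or corrupt gzip: {exc}") from exc


def write_samples(folder):
    """Create three constructed files: good export, error body, cut-off download."""
    # Column names and values are invented for this example.
    blob = gzip.compress(b"id,hostname,risk_score\r\n1,web-01,720\r\n2,db-02,310\r\n")
    samples = {
        "good.gz": blob,
        "error.gz": b'{"error": "constructed sample error body"}',
        "cut.gz": blob[: len(blob) // 2],
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return {name: os.path.join(folder, name) for name in samples}


def classify(path):
    """Return the row count for a readable export, or the rejection reason."""
    try:
        return sum(1 for _ in iter_export_rows(path))
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, path in write_samples(tmp).items():
            print(name, "->", classify(path))
```

Because the rows are streamed, the same reader works on exports too large to decompress into memory at once.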