You can export data from Cisco Vulnerability Management using either the API or the UI.
Export Data from the API
Exporting data from the API is asynchronous. You can use the Data Exports section in the API to:
- Request a data export
- Check the status of a running export
- Kill an export request
- Retrieve the final export
You must specify the format of the data, including the model type (asset, fix, finding, or vulnerability), and data format (json, jsonl, xml). When you export vulnerabilities, you can include details about the vulnerabilities, and solutions for the vulnerabilities. Also, you can request all your data or a subset of your data by adding search parameters, and you can pick which fields are returned in asset and vulnerability exports. For more information about retrieving data, see the API documentation. For an example, see the Python code here.
Incremental exports via the API
If you have an environment with a large number of assets, it might be burdensome to continuously export and download large data files. Cisco Vulnerability Management provides the capability to export only the delta of records that have changed recently. For more information, see the blog post or our training playlist. The API parameters are available in the API documentation.
API Export Limitations
If you expect that your export has a large amount of data, use the API export because it has no hard limit on the amount of data that is returned. The number of entries returned is dependent on the entry size, the number of entries in the request, and how busy the analytics engine is. Cisco approximates the limit to be around 100M entries.
API Export Examples
This example shows how to request an export of all active assets in jsonlines format.
{
“export_settings”: {
“format”: “jsonl”,
“model”: “asset”,
}
}
This example shows how to request an export of all inactive assets in json format.
{
“export_settings”: {
“format”: “json”,
“model”: “asset”,
}
“status” : [“inactive”]
}
This example shows how to request an export of all vulnerabilities for inactive assets in xml format.
{
"export_settings": {
"format": "xml",
"model": "vulnerability",
},
"asset": { "status":["inactive"]
}
This example shows how to request an export of all inactive assets with only asset_groups and id outputted in the exports artifact.
{
“export_settings”: {
“format”: “jsonl”,
“model”: “asset”,
“fields” : [“asset_groups”]
}
“status” : [“inactive”]
}
This example shows how to request a vulnerability export of all open vulnerabilities in xml format.
{
“export_settings”: {
“format”: “xml”,
“model”: “vulnerability”,
}
}
This example shows how to request requests an export of all closed vulnerabilities.
{
“export_settings”: {
“format”: “xml”,
“model”: “vulnerability”,
}
“status” : [“closed”]
}
This example shows how to request an export of all active assets for closed vulnerabilities.
{
"export_settings": {
"format": "json",
"model": "asset",
},
"vulnerability": { "status":["closed"] }
}
This example shows how to request an export of all closed vulnerabilities with only status, details and Attachment 2 custom field outputted in the export file.
{
“export_settings”: {
“format”: “json”,
“model”: “vulnerability”,
“fields”: [“status”, “custom_fields:Attachment 2”, “details”]
}
“status” : [“closed”]
}
This example shows how to request an export of all fixes in json format.
{
“export_settings”: {
“format”: “json”,
“model”: “fix”,
}
}
This example shows how to request an export of all fixes associated with vulnerabilities that have a severity of less than 8.
{
“export_settings”: {
“format”: “json”,
“model”: “fix”,
}
“max_severity” : 8
}
This example shows how to request an export of all fixes with only title and assets outputted in the export file.
{
“export_settings”: {
“format”: “json”,
“model”: “fix”,
“fields” : [“title”, “asset”]
}
}
Export Data from the UI
It's easy to use the UI to export data to a CSV file.
To Export Assets
- Click Vulnerability Management > Explore.
- Click the Assets tab.
- On the right-hand side of the page, click Export Assets.
- In the Export Assets list, choose the fields that you want to include in the export.
Note: If you do not select any fields, the export returns only the ID.
- Click Continue.
- Select a file type, and a compression type.
Note: If you select None as the compression type, you can only export up to 100,000 entries. If you select None and your export exceeds 100,000 entries, an error message displays that asks you to reduce the number of selections before you can continue with the export.
Tip: Instead, chose the Zip or Gzip compression types and you can then export up to 4,000,000 entries.
- Click Export Assets. A success message banner will display at the top of the window.
- To download the exported file, click Vulnerability Management > Activity. Find the relevant Export ID, and then in the Action column, click the blue icon to download the export.
Export Fixes
- Click Vulnerability Management > Explore.
- Click the Fixes tab.
- On the right-hand side of the page, click Export Fixes.
- In the Export Fixes list, choose the fields that you want to include in the export.
Note: If you do not select any fields, the export returns only the Fix ID and Asset ID.
- Click Continue.
- Select a file type, and a compression type.
- Click Export Fixes. A success message banner will display at the top of the window.
- To download the exported file, click Vulnerability Management > Activity. Find the relevant Export ID, and then in the Action column, click the blue icon to download the export.
Export Vulnerabilities
- Click Vulnerability Management > Explore.
- Click the Vulnerabilities tab.
- On the right-hand side of the page, click Export Vulnerabilities.
- In the Export Vulnerabilities list, select the fields that you want to be included in the export.
Note: If you do not select any fields, the export returns only the ID.
- Click Continue.
Note: When you select the Details field, you can export up to 500,000 vulnerabilities. If the number of rows in your export exceeds that number, an error message displays that asks you to reduce the number of selections before you can continue with the export.
- Select a file type, and a compression type.
- Click Export Vulnerabilities. A success message banner will display at the top of the window.
- To download the exported file, click Vulnerability Management > Activity. Find the relevant Export ID, and then in the Action column, click the blue icon to download the export.
Export Top Fixes
- Click Vulnerability Management > Dashboard.
- In the risk meter that you want to export the top fixes for, click Top Fixes.
- At the top of the screen, select the Top Fix Group that you want to export the top fixes for.
- Click Export CSV, and choose to export the chosen Group, or All Top Fix Groups.
- Do one of the following:
* In the banner that displays at the top of the screen, click View My Exports, and then click the download icon in the Action column of the Exports table.
* Wait until you receive an email from Cisco, and click the Download CSV Export link.
Export Findings data
- Click Application Security Module > Explore.
- Do one of the following:
* Use the filter options to reduce the amount of data to export and then scroll down to the bottom of the Search panel on the right-hand side of the page.
* To export all items on the page, scroll down to the bottom of the Search panel on the right-hand side of the page. - Click Export this view.
- Click CSV.
- To download the exported file, click Vulnerability Management> Activity. Find the relevant export ID and click on the blue download action button to download the export
View the Export Status
To view a list of all export jobs and their status, go to Vulnerability Management > Activity.
A page opens that lists all exports and the following information:
- Status
- Export ID
- Type Asset/Vulnerability/Fix
- Source UI/API
- Time requested in GMT
- Time completed in GMT
- Record Count
2. To download the export files, in the Action column, click the blue icon.
UI Export Limitations
UI Asset Exports are limited to 4,000,000 entries in a CSV file.
Extracting CSV Data from a Gzip or .gz File
Depending on the size of the export, data exported from the UI might come in a gzip file. Data exported from the API will be in the .gz format. The .gz format is used because it works most efficiently to stream data from connector runs to an exportable download. You will need a program to unzip .gz files to view the results of the download. Windows does not come preinstalled with a program to do this, so if you are a Windows user, you will need to find a program that suits your company and environment. Some popular programs include winzip, winrar, and 7-zip.
When exporting data from the API, Cisco recommends that you use the following curl command when obtaining gzip data.
curl --request GET \
--url https://api.kennasecurity.com/data_exports \
--header 'Accept: application/gzip' \
--header 'X-Risk-Token: abcdefgh8ijklmnopqrstuvwxyz26'
--output downloads/kenna_data.gzip
After the data is downloaded into the specified file, it will need to be unzipped to be readable.
You can see a Python example in the Acquiring Vulnerabilities per Asset blog, Exporting Asset Data section.
Comments
Please sign in to leave a comment.