Exporting Data from Kenna

There are two ways to export data from Kenna. One uses the API and the other uses the UI.

Exporting Data from the API

Exporting data from the API is asynchronous. In the Kenna API Docs there is a section for Data Exports where you can request a data export, check the status of a running export, kill an export request and retrieve the final export. You must specify the format of the data, including the model type ("asset", "fix", or "vulnerability"), and data format ("json", "jsonl", "xml"). You can request all of your data or a subset of data using search parameters. Read about these endpoints in more detail by here. 

Incremental exports via the API

Customers with large environments may find it burdensome to continuously export their data due to large file sizes and long download times. Thankfully Kenna provides the capability to export only the delta of records which have changed recently. Additional information can be found at this blog post or on our YouTube training playlist, while API parameters are available in our API documentation.

API Export Limitations

API exports do not have a hard limit. The number of entries returned is dependent on the entry size, the number of entries in the request, and how busy the analytics engine is. We approximate the limit to be around 100 M entries. 

Exporting Data from the UI

In Kenna, it is easy to export data to a CSV format.

From any tab in the Explore page, select any individual item or export all items in the page by scrolling down to the bottom of the Search panel on the right side of the page.

To Export Assets or Fixes:

Click the Export this view button and you will see the CSV option as shown below. 

To Export Vulnerabilities:

Click the Export this view button. Vulnerabilities exports will be processed in the background and you will receive an email with a link to extract the file once completed. 

Depending on which features you have enabled on your account, you may see one or more of the items as shown below:

• CSV: This is the default export option.
• CSV with details: This can be enabled by request by the CX team. This option will allow you to have the details provided by your scanner included in the extract.
  

• CSV with solutions: This option can be enabled by request by the CX team. This option will allow you to have the solution information provided by your scanner included in the extract.
  

• CSV with details and solutions: When you have the options for details and solutions enabled, you will have the ability to have them both included in one CSV extract with this option.
  

Viewing Export Status:

To view a list of all export jobs and their status, go to Explore --> Activity.

This will open up a page listing all exports and the following information:

• status
• Export ID
• Type UI/API
• Source Asset/Vulnerability/Fix
• Time requested in GMT
• Time completed in GMT
• Record Count 

Users have the ability to download the export files by clicking on the file icon in the “Action” column.

UI Export Limitations

CSV exports from the UI can be synchronous and downloaded immediately or asynchronous and an email link will be sent to extract a CSV gzipped file. Smaller exports are synchronous and downloaded as a CSV with a limitation of 100 K entries. Any export of fixes, and any large vulnerability or asset export, will be asynchronous and downloaded in the gzip format with a limitation of 500 K entries. Any export of assets, is limited to 100 K entries when downloaded from the UI and download immediately in the browser as a CSV. You can increase the UI Asset Export limit to 500 K by contacting your assigned CX representative to enable the setting. This change impacts the download behavior as the of export request is processed in the background and will be a CSV gzipped file. This change will not impact how fixes and vulnerabilities are exported from the UI.

Extracting CSV Data from a Gzip File

Depending on the size of the export, data exported from the UI may come in a gzip file. Data exported from the API will be in the gzip format. Gzip format is used because it works most efficiently to stream data from connector runs to an exportable download. You will need a program to unzip Gzipped files in order to view the results of this download. Windows does not come preinstalled with a program to do this, so if you are a Windows user, you will need to find a program that suits your company and environment. Some popular programs include winzip, winrar, and 7-zip.

When exporting data from the API, it is highly recommended that the following curl command be used when obtaining gzip data.

curl --request GET \
     --url https://api.kennasecurity.com/data_exports \
     --header 'Accept: application/gzip' \
     --header 'X-Risk-Token: abcdefgh8ijklmnopqrstuvwxyz26'
     --output downloads/kenna_data.gzip

After the data is downloaded into the specified file, it will need to be unzipped to be legible.

A Python example can be seen in the "Acquiring Vulnerabilities per Asset" blog, "Exporting Asset Data" section.