Exporting Search Results
Exported search results in Attack Surface Management (ASM) contain raw data used for the platform to display related content such as the list of Issues, Entities, and Technologies. Some fields are intentionally left blank. The content fields are exported into a JSON or CSV file. Exported files contain all fields associated with your search results.
To export search results
-
In ASM, select the Issues, Entities, or Technologies tab.
-
Select the relevant search Filters, making adjustments as needed to refine the scope.
Existing search results are exported. Therefore, before exporting, you must run searches using your required search criteria.
-
Click the Export button.
When you select Export, you are notified that the export is in progress.
Once the export is complete, you will receive an email containing a link to the file. -
You can also access the Download Exports page by selecting Exports from your Projects and Settings menu. Click
associated with a selected export file and select either Download CSV or Download JSON. The downloaded file can be found in the default download folder of your local machine.
Exported Search Results
The following tables tabulate the exported fields for Issues, Entities, and Technologies.
Exported Fields for Issues
| Field | Description/Example |
|---|---|
| Refresh date | Example: 2023-06-03 12:15:27 UTC |
| Type | |
| Name | |
| Collection Name | |
| Last seen | Example: 2023-06-03T12:15:27.000Z |
| First seen | Example: 2023-06-03T12:15:27.000Z |
| Id | |
| Uid | |
| Uuid | |
| Description | Example: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection ... |
| Dynamic Id | Example: 19247113 |
| Pretty Name | Example: Apache HTTP Server Path Traversal Bypass (CVE-2021-42013) |
| Upstream | The system that is associated with the issues for data collection |
| Entity Uid | |
| Entity Name | Example: <IP address & Port for a server> |
| Alias Group | |
| Collection Uuid | |
| Collection Type | Example: user_collection |
| Organization Uuid | |
| Summary.Pretty Name | Example: Apache HTTP Server Path Traversal Bypass (CVE-2021-42013) |
| Summary.Severity | Severity of the Issue |
| Summary.Scoped | Example: true |
| Summary.Confidence | Example: confirmed |
| Summary.Status | Example: open_new |
| Summary.Category | Example: Vulnerability |
| Summary.Identifiers | Example: [{"name"=>"CVE-2021-42013", "type"=>"CVE"}] |
| Summary.Status New | Example: open |
| Summary.Status New Detailed | Example: new |
| Summary.Tickets List | List of tickets represented as an array |
| Tags | Array of identifier tags |
| Cisa Known Exploited | Example: true |
| Epss V2 Score Lte | |
| Epss V2 Percentile Gte | Percentile position among the total numbers |
| Proof | Example: {"additional_info":"The Tomcat instance was identified vulnerable as a successful connection was made to the AJP Connector."} |
| Remediation | Example: Disable |
| References | Example: [{"uri"=>"https://www.chaitin.cn/en/ghostcat", "type"=>"description"}, {"uri"=>"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "type"=>"description"}, {"uri"=>"https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi", "type"=>"exploit"}, ...] |
| Notes | An array of notes. |
| Collection Pretty Name | Example: Abc AWS Network |
Exported Fields for Entities
| Field | Description/Example |
|---|---|
| Refresh date | Example: 2023-06-03 12:15:27 UTC |
| Type | |
| Name | |
| Collection Name | |
| Last seen | Example: 2023-06-03T12:15:27.000Z |
| First seen | Example: 2023-06-03T12:15:27.000Z |
| # Issues | Example: 0 |
| Id | |
| Uid | |
| Uuid | |
| Dynamic Id | |
| Tags | Array of identifier tags |
| Issues | Array of Issues associated with the Entity |
| Hidden | Example: false |
| Seed | Whether the Entity is considered as a Seed. Example: false |
| Aliases | |
| Alias Group | |
| Collection Type | Example: user_collection |
| Collection Naics | As per the North American Industry Classification System. |
| Collection Uuid | |
| Organization Uuid | |
| Exfil Lookup Identifier | The identifier used for looking up data exfiltration associated with the Entity |
| Summary.Scoped | Example: false |
| Summary.Issues.Current With Cve | |
| Summary.Issues.Current By Severity.0 | |
| Summary.Issues.Current By Severity.1 | |
| Summary.Issues.Current By Severity.2 | |
| Summary.Issues.Current By Severity.3 | |
| Summary.Issues.Current By Severity.4 | |
| Summary.Issues.Current By Severity.5 | |
| Summary.Issues.All Time By Severity.0 | |
| Summary.Issues.All Time By Severity.1 | |
| Summary.Issues.All Time By Severity.2 | |
| Summary.Issues.All Time By Severity.3 | |
| Summary.Issues.All Time By Severity.4 | |
| Summary.Issues.All Time By Severity.5 | |
| Summary.Issues.Current Count | |
| Summary.Issues.All Time Count | |
| Summary.Issues.Critical Or High | |
| Summary.Task Results | |
| Summary.Screenshot Exists | |
| Summary.Http.Code | |
| Summary.Http.Title | |
| Summary.Http.Content.Favicon Hash | |
| Summary.Http.Content.Hash | |
| Summary.Http.Content.Forms | |
| Summary.Http.Auth.Any | |
| Summary.Http.Auth.Basic | |
| Summary.Http.Auth.Ntlm | |
| Summary.Http.Auth.Forms | |
| Summary.Http.Auth.2fa | |
| Summary.Ports.Tcp | |
| Summary.Ports.Udp | |
| Summary.Ports.Count | |
| Summary.Technology.Cloud | |
| Summary.Technology.Cloud Providers | |
| Summary.Technology.Cpes | |
| Summary.Technology.Technologies | |
| Summary.Technology.Technology Labels | |
| Summary.Network.Name | |
| Summary.Network.Asn | |
| Summary.Network.Route | |
| Summary.Network.Type | |
| Seeds | Example: [{"name"=>"acme", "type"=>"Intrigue::Entity::UniqueKeyword"}] |
| Notes | An array of notes. |
| Ports |
Exported Fields for Technologies
| Field | Description/Example |
|---|---|
| Refresh date | Example: 2023-06-03 12:15:27 UTC |
| Name | Example: Microsoft Sharepoint 16.0.0.23717 |
| Collection Name | |
| Last seen | Example: 2023-06-03T12:15:27.000Z |
| First seen | Example: 2023-06-03T12:15:27.000Z |
| Id | |
| Uid | |
| Uuid | |
| Dynamic Id | |
| Version | Released version number. Example: 16.0.0.23717 |
| Cpe Type | Example: application |
| Cpe | CPE identifiers are commonly used to search for Common Vulnerabilities and Exposures (CVEs) that affect the identified product. Example: cpe:2.3:a:microsoft:sharepoint:16.0.0.23717: |
| Collection Uuid | |
| Collection Type | Example: user_collection |
| Update | |
| Vendor | Vendor for the Technology. Example: Microsoft |
| Product | Product name. Example: Sharepoint |
| Organization Uuid | |
| Updated At | Example: 2023-06-03T12:15:27.000Z |
| Labels | Example: ["cots", "e-commerce", "javascript", "payments"] |
Updated 2 days ago