Exporting Search Results

Exported search results in Attack Surface Management (ASM) contain raw data used for the platform to display related content such as the list of Issues, Entities, and Technologies. Some fields are intentionally left blank. The content fields are exported into a JSON or CSV file. Exported files contain all fields associated with your search results.

To export search results

  1. In ASM, select the Issues, Entities, or Technologies tab.

  2. Select the relevant search Filters, making adjustments as needed to refine the scope.

    ℹ️

    Existing search results are exported. Therefore, before exporting, you must run searches using your required search criteria.

  3. Click the Export button.

    ℹ️

    When you select Export, you are notified that the export is in progress.
    Once the export is complete, you will receive an email containing a link to the file.

  4. You can also access the Download Exports page by selecting Exports from your Projects and Settings menu. Click associated with a selected export file and select either Download CSV or Download JSON. The downloaded file can be found in the default download folder of your local machine.

Exported Search Results

The following tables tabulate the exported fields for Issues, Entities, and Technologies

Exported Fields for Issues

FieldDescription/Example
Refresh dateExample: 2023-06-03 12:15:27 UTC
Type
Name
Collection Name
Last seenExample: 2023-06-03T12:15:27.000Z
First seenExample: 2023-06-03T12:15:27.000Z
Id
Uid
Uuid
DescriptionExample: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection ...
Dynamic IdExample: 19247113
Pretty NameExample: Apache HTTP Server Path Traversal Bypass (CVE-2021-42013)
UpstreamThe system that is associated with the issues for data collection
Entity Uid
Entity NameExample: <IP address & Port for a server>
Alias Group
Collection Uuid
Collection TypeExample: user_collection
Organization Uuid
Summary.Pretty NameExample: Apache HTTP Server Path Traversal Bypass (CVE-2021-42013)
Summary.SeveritySeverity of the Issue
Summary.ScopedExample: true
Summary.ConfidenceExample: confirmed
Summary.StatusExample: open_new
Summary.CategoryExample: Vulnerability
Summary.IdentifiersExample: [{"name"=>"CVE-2021-42013", "type"=>"CVE"}]
Summary.Status NewExample: open
Summary.Status New DetailedExample: new
Summary.Tickets ListList of tickets represented as an array
TagsArray of identifier tags
Cisa Known ExploitedExample: true
Epss V2 Score Lte
Epss V2 Percentile GtePercentile position among the total numbers
ProofExample: {"additional_info":"The Tomcat instance was identified vulnerable as a successful connection was made to the AJP Connector."}
RemediationExample: Disable
ReferencesExample: [{"uri"=>"https://www.chaitin.cn/en/ghostcat", "type"=>"description"}, {"uri"=>"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "type"=>"description"}, {"uri"=>"https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi", "type"=>"exploit"}, ...]
NotesAn array of notes.
Collection Pretty NameExample: Abc AWS Network

Exported Fields for Entities

FieldDescription/Example
Refresh dateExample: 2023-06-03 12:15:27 UTC
Type
Name
Collection Name
Last seenExample: 2023-06-03T12:15:27.000Z
First seenExample: 2023-06-03T12:15:27.000Z
# IssuesExample: 0
Id
Uid
Uuid
Dynamic Id
TagsArray of identifier tags
IssuesArray of Issues associated with the Entity
HiddenExample: false
SeedWhether the Entity is considered as a Seed. Example: false
Aliases
Alias Group
Collection TypeExample: user_collection
Collection NaicsAs per the North American Industry Classification System.
Collection Uuid
Organization Uuid
Exfil Lookup IdentifierThe identifier used for looking up data exfiltration associated with the Entity
Summary.ScopedExample: false
Summary.Issues.Current With Cve
Summary.Issues.Current By Severity.0
Summary.Issues.Current By Severity.1
Summary.Issues.Current By Severity.2
Summary.Issues.Current By Severity.3
Summary.Issues.Current By Severity.4
Summary.Issues.Current By Severity.5
Summary.Issues.All Time By Severity.0
Summary.Issues.All Time By Severity.1
Summary.Issues.All Time By Severity.2
Summary.Issues.All Time By Severity.3
Summary.Issues.All Time By Severity.4
Summary.Issues.All Time By Severity.5
Summary.Issues.Current Count
Summary.Issues.All Time Count
Summary.Issues.Critical Or High
Summary.Task Results
Summary.Screenshot Exists
Summary.Http.Code
Summary.Http.Title
Summary.Http.Content.Favicon Hash
Summary.Http.Content.Hash
Summary.Http.Content.Forms
Summary.Http.Auth.Any
Summary.Http.Auth.Basic
Summary.Http.Auth.Ntlm
Summary.Http.Auth.Forms
Summary.Http.Auth.2fa
Summary.Ports.Tcp
Summary.Ports.Udp
Summary.Ports.Count
Summary.Technology.Cloud
Summary.Technology.Cloud Providers
Summary.Technology.Cpes
Summary.Technology.Technologies
Summary.Technology.Technology Labels
Summary.Network.Name
Summary.Network.Asn
Summary.Network.Route
Summary.Network.Type
SeedsExample: [{"name"=>"acme", "type"=>"Intrigue::Entity::UniqueKeyword"}]
NotesAn array of notes.
Ports

Exported Fields for Technologies

FieldDescription/Example
Refresh dateExample: 2023-06-03 12:15:27 UTC
NameExample: Microsoft Sharepoint 16.0.0.23717
Collection Name
Last seenExample: 2023-06-03T12:15:27.000Z
First seenExample: 2023-06-03T12:15:27.000Z
Id
Uid
Uuid
Dynamic Id
VersionReleased version number. Example: 16.0.0.23717
Cpe TypeExample: application
CpeCPE identifiers are commonly used to search for Common Vulnerabilities and Exposures (CVEs) that affect the identified product. Example: cpe:2.3:a:microsoft:sharepoint:16.0.0.23717:
Collection Uuid
Collection TypeExample: user_collection
Update
VendorVendor for the Technology. Example: Microsoft
ProductProduct name. Example: Sharepoint
Organization Uuid
Updated AtExample: 2023-06-03T12:15:27.000Z
LabelsExample: ["cots", "e-commerce", "javascript", "payments"]