Exporting Data
Export security events, audit logs, and reports from CastellanAI in multiple formats.
Export data on-demand or schedule automated exports for SIEM integration, compliance archives, and offline analysis.
Export Formats
| Format | Best For | Compatible With |
|---|---|---|
| CSV | Spreadsheet analysis, data imports | Excel, Google Sheets, LibreOffice |
| JSON | API integration, SIEM ingestion | Splunk, ELK Stack, custom scripts |
| PDF | Executive reports, audit documentation | Formatted layout with charts |
| XLSX | Advanced analysis, pivot tables | Excel with formulas and formatting |
Exporting Security Events
- 1️⃣ Navigate
- 2️⃣ Apply Filters
- 3️⃣ Choose Format
- 4️⃣ Download
Step 1: Navigate to Events
Go to the Security Events page or Dashboard.
| Path | Description |
|---|---|
| Dashboard → Export | Export dashboard data |
| Events → Export | Export event list |
Step 2: Apply Filters (Optional)
Filter events before exporting to focus on specific data.
| Filter | Options |
|---|---|
| Time Range | Last 24 Hours, 7 Days, 30 Days, Custom |
| Severity | Critical, High, Medium, Low |
| Event Type | All Types or specific categories |
Step 3: Choose Export Format
Select the format that best suits your needs.
| Format | Use Case |
|---|---|
| CSV | Spreadsheet analysis |
| JSON | API integration |
| PDF | Formatted reports |
| XLSX | Advanced Excel analysis |
Step 4: Download or Schedule
Choose immediate download or recurring exports.
| Option | Description |
|---|---|
| Download Now | Immediate file download |
| Daily Export | Email delivery at 6:00 AM |
| Weekly Export | Monday delivery |
Export Limits
| Subscription Tier | Max Events/Export | API Rate Limit |
|---|---|---|
| Small Business | 10,000 events | 10 exports/hour |
| Medium Business | 50,000 events | 30 exports/hour |
| Enterprise | Unlimited | 100 exports/hour |
For large exports (>10,000 events), use JSON or CSV for faster processing. PDF exports take longer due to formatting.
API-Based Exports
- 📊 Security Events
- 📋 Audit Logs
- 💻 cURL Example
Export Security Events
GET /api/v1/events/export
Parameters:
- format: csv|json|xlsx
- start_date: YYYY-MM-DD
- end_date: YYYY-MM-DD
- severity: critical|high|medium|low
Export Audit Logs
GET /api/v1/audit-logs/export
Parameters:
- format: csv|json
- user_id: filter by specific user
- action_type: authentication|configuration|etc
Example: cURL Request
```bash
curl -X GET \
  'https://api.castellanai.com/v1/events/export?format=json&start_date=2025-01-01' \
  -H 'Authorization: Bearer <your-api-key>'
```
Response: JSON array of events or file download
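An added example (not CastellanAI's code) that wraps the cURL request above: it checks `format`, `start_date`, `end_date` and `severity` against the documented values before building the URL, and passes the API key to curl on stdin instead of on the command line. The `CASTELLAN_API_KEY` variable and the function names are assumptions.

```bash
# Added example, not CastellanAI code. Base URL is copied from the page's cURL
# example; CASTELLAN_API_KEY and the function names are assumptions.
API_BASE='https://api.castellanai.com/v1'

# Shape check only (YYYY-MM-DD, month 01-12); the server judges the calendar.
is_date() {
  case $1 in
    [0-9][0-9][0-9][0-9]-0[1-9]-[0-3][0-9]) return 0 ;;
    [0-9][0-9][0-9][0-9]-1[0-2]-[0-3][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the events-export URL, or return 1 if a value is outside the
# documented parameter set, so nothing unvalidated reaches the query string.
build_export_url() {
  local format="$1" start="$2" end="$3" severity="${4:-}" url
  case $format in
    csv|json|xlsx) ;;
    *) echo "format must be csv, json or xlsx" >&2; return 1 ;;
  esac
  is_date "$start" && is_date "$end" || { echo "dates must be YYYY-MM-DD" >&2; return 1; }
  # Compare as integers (20250101 vs 20250131) to reject inverted ranges.
  if [ "$(printf %s "$start" | tr -d -)" -gt "$(printf %s "$end" | tr -d -)" ]; then
    echo "start_date is after end_date" >&2; return 1
  fi
  url="$API_BASE/events/export?format=$format&start_date=$start&end_date=$end"
  case $severity in
    '') ;;
    critical|high|medium|low) url="$url&severity=$severity" ;;
    *) echo "unknown severity" >&2; return 1 ;;
  esac
  printf '%s\n' "$url"
}

# Usage: export_events FORMAT START END SEVERITY OUTFILE
# The key reaches curl through a config stream on stdin, so it never appears
# in the process list, and the export file is created owner-only.
export_events() {
  local url out="$5"
  url=$(build_export_url "$1" "$2" "$3" "$4") || return 1
  [ -n "${CASTELLAN_API_KEY:-}" ] || { echo "set CASTELLAN_API_KEY" >&2; return 1; }
  (
    umask 077
    printf 'header = "Authorization: Bearer %s"\n' "$CASTELLAN_API_KEY" |
      curl --fail --silent --show-error --proto '=https' \
           --config - --output "$out" "$url"
  )
}
```

Pass an empty string as SEVERITY to export all severities, for example `export_events json 2025-01-01 2025-01-31 '' events.json`.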
Scheduled Exports
- 📧 Email Delivery
- ☁️ Cloud Storage
- 🔐 SIEM Integration
Email Delivery
Automatically send exports to email addresses on a recurring schedule.
| Schedule | Delivery Time |
|---|---|
| Daily | 6:00 AM local time |
| Weekly | Monday 6:00 AM |
| Monthly | 1st of month, 6:00 AM |
Cloud Storage Integration
Automatically upload exports to cloud storage providers.
| Provider | Configuration |
|---|---|
| AWS S3 | Bucket name, access key |
| Azure Blob | Container, connection string |
| Google Cloud | Bucket, service account |
SIEM Integration
Stream events directly to SIEM platforms in real time.
| Platform | Integration Method |
|---|---|
| Splunk | HTTP Event Collector |
| QRadar | Syslog or API |
| ArcSight | CEF format |
| ELK Stack | Logstash or direct API |
| Sentinel | Azure integration |
Data Retention & Archive
- 📦 Automatic Archival
- ✅ Compliance Retention
- 🔒 Encrypted Storage
Automatic Archival
| Tier | Hot Storage | Cold Storage |
|---|---|---|
| Standard | 90 days | Not included |
| Enterprise | 90 days | 1-7 years |
Compliance Retention
Configure custom retention periods to meet regulatory requirements.
| Regulation | Retention Period |
|---|---|
| SOX | 7 years |
| HIPAA | 6 years |
| PCI DSS | 1 year |
| GDPR | Varies |
Encrypted Storage
All exported and archived data is encrypted at rest.
| Feature | Implementation |
|---|---|
| Encryption | AES-256 |
| Key Management | Customer-managed or CastellanAI-managed |
| Access Control | Role-based access |
Best Practices
| Practice | Description |
|---|---|
| Use Filters | Apply time range and severity filters to reduce file size |
| Choose Right Format | CSV for spreadsheets, JSON for APIs, PDF for reports |
| Schedule Regular Exports | Automate for offline archives and compliance |
| Secure Exported Files | Encrypt before sharing externally |
| Monitor Export Activity | Track who exports data for compliance |
📝 Export Setup Checklist
- Identify export requirements (format, frequency)
- Configure appropriate filters
- Set up scheduled exports if needed
- Configure cloud storage integration
- Set up SIEM integration for real-time streaming
- Verify retention policies meet compliance
- Document export procedures
- Test export and verify data integrity
What's Next?
| Guide | Description |
|---|---|
| Custom Reports | Create custom security reports |
| Dashboard Overview | Dashboard features and metrics |
| Compliance Frameworks | Compliance reporting requirements |