How to manually export search results from the Advanced Threat Protection web interface
Updated On: 09-03-2017 15:08
This process walks through using the debug console feature of Firefox to change values in the request sent to ATP so that more events are returned, and then gathering the response data so it can be parsed and converted to CSV format.
Use Firefox version 4 or later and log in to the ATP web interface. Navigate to the Search page by clicking the magnifying glass in the left-hand menu.
Press Ctrl+Shift+Q or choose Tools -> Web Developer -> Network in the Firefox menu to open the Network console.
In the ATP search field, enter the search criteria. The default number of records returned is 50.
You should see an entry show up in the console with the file "/simple?pageNumber=0&pageSize=50". Click this entry and click the 'Edit and Resend' button on the far right.
Edit the POST request data, change the pageSize value from 50 to 5000, and click Send.
You should now see 5000 results returned in the web page. Right-click the entry in the Network console showing a pageSize of 5000 and choose Copy Response.
Paste the text into a text editor such as notepad.exe. The data will be in JSON format.
You can save this file to be parsed or use https://json-csv.com/ to convert it to CSV format.
Using https://json-csv.com/, paste the text into the Convert JSON to CSV field and click Download below it to receive a CSV file that can be opened in Microsoft Excel.
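The conversion step can also be done locally, so the copied search results stay on the workstation. The following is an added example, not part of the original article: it finds the list of event objects in the saved response, flattens nested fields into dotted column names, and prefixes cells that Excel would evaluate as formulas. The response layout and the field names in SAMPLE are assumptions, because the article does not document the ATP schema.

```python
import csv
import io
import json

FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")

def find_records(node):
    """Return the longest list of JSON objects found anywhere in the response."""
    best = []
    if isinstance(node, list) and node and all(isinstance(x, dict) for x in node):
        best = node
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    for child in children:
        found = find_records(child)
        if len(found) > len(best):
            best = found
    return best

def flatten(obj, prefix=""):
    """Turn nested objects into dotted column names; lists become JSON text."""
    row = {}
    for key, value in obj.items():
        name = prefix + key
        if isinstance(value, dict):
            row.update(flatten(value, name + "."))
        elif isinstance(value, list):
            row[name] = json.dumps(value)
        else:
            row[name] = "" if value is None else str(value)
    return row

def neutralize(cell):
    """Prefix cells Excel would evaluate as a formula with an apostrophe."""
    return "'" + cell if cell.startswith(FORMULA_LEAD) else cell

def response_to_csv(text):
    rows = [flatten(r) for r in find_records(json.loads(text))]
    columns = []
    for row in rows:
        columns += [c for c in row if c not in columns]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, restval="", lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize(v) for k, v in row.items()})
    return out.getvalue()

# Constructed sample; the field names are made up, not the real ATP schema.
SAMPLE = '{"total": 2, "result": [{"id": 1, "file": {"name": "=cmd.exe"}}, {"id": 2, "host": "pc-7"}]}'
```

Pass the text saved from Copy Response to response_to_csv and write the returned string to a .csv file. Values that start with a minus sign, including negative numbers, also receive the apostrophe prefix.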
Attachment: Import search result from ATP.docx