How to manually export search results from the Advanced Threat Protection web interface

Article ID: 178965

Products

Symantec Products

Issue/Introduction

 

Resolution

This process uses the debug console feature of Firefox to inject arbitrary values into the request sent to ATP so that it returns more events, then gathers the response data so it can be parsed and converted to CSV format.

  1. Use Firefox version 4 or later and log in to the ATP web interface. Navigate to the Search page by clicking the magnifying glass in the left-hand menu.
  2. Press Ctrl+Shift+Q or choose Tools -> Web Developer -> Network in the Firefox menu to access the Network console.
  3. In the ATP search field, enter the search criteria. The default number of records returned is 50.
  4. You should see an entry show up in the console with the file "/simple?pageNumber=0&pageSize=50". Click this entry and click the 'Edit and Resend' button on the far right.
  5. Edit the POST request data, change the pageSize value from 50 to 5000, and click Send.
  6. You should now see 5000 results returned in the web page. Right-click the entry in the Network console showing a pageSize of 5000 and choose Copy Response.
  7. Paste the text into a text editor such as notepad.exe. The data will be in JSON format.
  8. You can save this file to be parsed or use https://json-csv.com/ to convert it to CSV format.
    1. On https://json-csv.com/, paste the text into the Convert JSON to CSV field, then use Download below it to get a CSV file that can be opened in Microsoft Excel.
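
Steps 7 and 8 can also be done locally, so the exported event data never leaves the analyst's workstation. The Python below is an added example, not part of the original article or any Symantec tooling: it flattens the copied JSON into CSV and prefixes cells that Excel would evaluate as formulas. The article does not show the response schema, so the `result` key and every field name in the sample are constructed assumptions.

```python
import csv
import io
import json

# Constructed sample standing in for the copied response. The article does not
# show the ATP schema, so the "result" key and all field names are assumptions.
SAMPLE_RESPONSE = json.dumps({"total": 2, "result": [
    {"type_id": 4096, "device": {"name": "WS-01", "ip": "10.0.0.5"},
     "file": {"name": "=1+1.txt"}},
    {"type_id": 4098, "device": {"name": "WS-02"}, "tags": ["a", "b"]},
]})


def find_records(doc):
    """Return the event list: the document itself or its first list of objects."""
    if isinstance(doc, list):
        return doc
    for value in doc.values():
        if isinstance(value, list) and value and isinstance(value[0], dict):
            return value
    raise ValueError("no list of event objects found in response")


def flatten(obj, prefix=""):
    """Flatten nested objects to dotted column names; lists become JSON text."""
    row = {}
    for key, value in obj.items():
        if isinstance(value, dict):
            row.update(flatten(value, f"{prefix}{key}."))
        else:
            row[prefix + key] = json.dumps(value) if isinstance(value, list) else value
    return row


def safe_cell(value):
    """Prefix strings Excel would evaluate as a formula so they stay text."""
    if isinstance(value, str) and value[:1] in ("=", "+", "-", "@", "\t", "\r"):
        return "'" + value
    return value


def response_to_csv(response_text):
    rows = [flatten(r) for r in find_records(json.loads(response_text))]
    columns = sorted({c for row in rows for c in row})
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(columns)
    writer.writerows([safe_cell(row.get(c)) for c in columns] for row in rows)
    return out.getvalue()
```

To use it on a real export, read the file saved in step 7 and pass its text to `response_to_csv`, then write the returned string to a `.csv` file.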

Attachments

Import search result from ATP.docx