How to manually export search results from the Advanced Threat Protection web interface


Article ID: 178965


Updated On:


Symantec Products




This process walks through using the debug console feature of Firefox to inject arbitrary values into the request sent to ATP to provide more events and also gather the response data to parse it and convert to CSV format.

  1. Use Firefox version 4 or later and log in to the ATP web interface. Navigate to the Search page by clicking the magnifying glass in the left-hand menu.
  2. Press Ctrl - Shift - Q or choose Tools -> Web Developer -> Network in the Firefox menu to access the Network console
  3. In the ATP search field, enter the search criteria. The default number of records returned is 50.
  4. You should see an entry show up in the console with the file "/simple?pageNumber=0&pageSize=50". Click this entry and click the 'Edit and Resend' button on the far right.
  5. Edit the POST request data and change the pageSize value from 50 to 5000 and click Send
  6. You should now see 5000 results returned in the web page. Right-click the entry in the Network console showing pageSize of 5000 and choose Copy Response
  7. Paste the text into a text editor such as notepad.exe. The data will be in JSON format.
  8. You can save this file to be parsed or use to convert it to CSV format.
    1. Using you would simply paste the text into the Convert JSON to CSV field and Download below to be provided with a CSV file that can be opened in Microsoft Excel.


Import search result from ATP.docx get_app