Exporting your analysis results to CSV
You can export the results of an incident investigation from QRadar® Advisor with Watson™ to CSV format.
About this task
By exporting the results of your analysis, you can share the results with other groups to view the analysis in any CSV viewer. The CSV export contains information about malicious indicators such as toxicity, relevance, directionality, blocked and allowed flows and events, and reputation information.
Export to CSV format.
- On the Relationship Graph page, click .
- On the Watson Investigation page, select one or more investigations and then click Export. On the Export Investigations page, click the CSV tab.
Select the options that you want to include in the CSV file.
Option Description Only malicious nodes Select to export malicious nodes only. Clear the checkbox if you want the exported CSV file to contain both malicious and non-malicious nodes. Only locally observed nodes Select to export malicious local nodes based on Watson enriched results. Clear the checkbox to export all malicious nodes. Headers Select to include headers for the columns in the exported CSV file. Columns Select the columns that you want to include in the exported CSV file. Indicator Types Specifies the populated list of the entity types that are returned by Watson.The following example shows the light theme UI:
- Click Export.
Download and save the file.
An example of the format for the file is offenseid_stage_date.csv. Note: Multiple selections are downloaded and saved as a .zip file.