S3 Data Export Views and Folder Structure
When using the S3 data export feature, data is exported into various folders. The folder structure is as follows:
Agent Dataset
- Folder path format: agent/YYYY-MM-DD/YYYY-MM-DD-HH-00/xxxxx.json.gz
- Agent folder
- Date folder: Within the date folder, there are hourly folders that represent the data exported at the top of the hour.
- Hourly folder: Within the hourly folder, there are JSON files that correspond to the following table views:
- Agent_management.json.gz
- Alert_details.json.gz
- All_files.json.gz
- Applications.json.gz
- Change_files.json.gz
- Cmdline.json.gz
- Connections.json.gz
- Container_summary.json.gz
- Container_vuln_details.json.gz
- Dns_query.json.gz
- Host_vuln_details.json.gz
- Image.json.gz
- Interfaces.json.gz
- Internal_ipa.json.gz
- Machine_details.json.gz
- Machine_summary.json.gz
- New_hashes.json.gz
- Package.json.gz
- Pod_summary.json.gz
- Process_summary.json.gz
- User_details.json.gz
- User_login.json.gz
AWS CloudTrail Dataset
Folder path format: AWSCloudTrail/YYYY-MM-DD/YYYY-MM-DD-HH-00/
Azure Activity Log Dataset
Folder path format: AzureActivityLog/YYYY-MM-DD/YYYY-MM-DD-HH-00/
AWS Compliance Dataset
Folder path format: AWSCompliance/YYYY-MM-DD/YYYY-MM-DD-HH-00/
Azure Compliance Dataset
Folder path format: AzureCompliance/YYYY-MM-DD/YYYY-MM-DD-HH-00/
GCP Compliance Dataset
Folder path format: GCPCompliance/YYYY-MM-DD/YYYY-MM-DD-HH-00/
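The path formats above can be used to check an export bucket for missing hourly folders, which matters when the exported data feeds detection or retention. The following is an added example, not code from the product or its documentation: it parses object keys against the documented layout, rejects keys whose hourly folder does not match its date folder, and lists hours with no exported object. The function names and the sample keys are constructed for illustration; listing the bucket is left to the caller.

```python
import re
from datetime import datetime, timedelta

# Dataset folder names as listed on this page.
DATASETS = {"agent", "AWSCloudTrail", "AzureActivityLog",
            "AWSCompliance", "AzureCompliance", "GCPCompliance"}

KEY_RE = re.compile(
    r"^(?P<dataset>[^/]+)/(?P<date>\d{4}-\d{2}-\d{2})/"
    r"(?P<hour>\d{4}-\d{2}-\d{2}-\d{2})-00/(?P<file>[^/]+)$"
)

def parse_key(key):
    """Return (dataset, hour, view) or None if the key does not fit the layout."""
    m = KEY_RE.match(key)
    if not m or m["dataset"] not in DATASETS:
        return None
    try:
        hour = datetime.strptime(m["hour"], "%Y-%m-%d-%H")
    except ValueError:
        return None  # not a real date or hour, e.g. hour 25
    if hour.strftime("%Y-%m-%d") != m["date"]:
        return None  # hourly folder must sit under its own date folder
    return m["dataset"], hour, m["file"].removesuffix(".json.gz")

def missing_hours(keys, dataset, start, end):
    """Hours in [start, end] for which no object of the dataset was exported."""
    seen = {p[1] for p in map(parse_key, keys) if p and p[0] == dataset}
    gaps, t = [], start
    while t <= end:
        if t not in seen:
            gaps.append(t)
        t += timedelta(hours=1)
    return gaps

# Constructed sample keys (not real export data).
SAMPLE_KEYS = [
    "agent/2024-01-15/2024-01-15-09-00/Dns_query.json.gz",
    "agent/2024-01-15/2024-01-15-09-00/User_login.json.gz",
    "agent/2024-01-15/2024-01-15-11-00/Dns_query.json.gz",
    "agent/2024-01-15/2024-01-16-10-00/Dns_query.json.gz",   # date mismatch
    "agent/2024-01-15/2024-01-15-25-00/Dns_query.json.gz",   # invalid hour
    "AWSCloudTrail/2024-01-15/2024-01-15-10-00/sample.json.gz",
]

if __name__ == "__main__":
    window = (datetime(2024, 1, 15, 9), datetime(2024, 1, 15, 11))
    for gap in missing_hours(SAMPLE_KEYS, "agent", *window):
        print("no agent export for", gap.strftime("%Y-%m-%d-%H-00"))
```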