S3 Data Export Views and Folder Structure
When using the S3 data export feature, data will be exported into various folders. Find the folder structure outlined below.
Agent dataset
- Folder path format: agent/YYYY-MM-DD/YYYY-MM-DD-HH-00/xxxxx.json.gz
- Agent folder ⤵️
- Date folder: Within the date folder, there are hourly folders that represent the data exported at the top of the hour. ⤵️
- Hourly folder: Within the hourly folder, there are JSON files that correspond to the table views below:
- Alert_details_v.json.gz
- Machine_details_v.json.gz
- Host_vuln_details_v.json.gz
- Container_vuln_details_v.json.gz
- All_files_v.json.gz
- Change_files_v.json.gz
- Cmdline_v.json.gz
- Container_summary_v.json.gz
- Dns_query_v.json.gz
- Internal_ipa_v.json.gz
- Machine_summary_v.json.gz
- New_hashes_v.json.gz
- Pod_summary_v.json.gz
- Process_summary_v.json.gz
- User_details_v.json.gz
- User_login_v.json.gz
- Interfaces_v.json.gz
- Package_v.json.gz
- Image_v.json.gz
- Applications_v.json.gz
- Hourly folder: Within the hourly folder, there are JSON files that correspond to the table views below:
- Date folder: Within the date folder, there are hourly folders that represent the data exported at the top of the hour. ⤵️
- Agent folder ⤵️
AWS CloudTrail dataset
Folder path format: AWSCloudTrail/YYYY-MM-DD/YYYY-MM-DD-HH-00/
Azure Activity Log dataset
Folder path format: AzureActivityLog/YYYY-MM-DD/YYYY-MM-DD-HH-00/
AWS Compliance dataset
Folder path format: AWSCompliance/YYYY-MM-DD/YYYY-MM-DD-HH-00/
Azure Compliance dataset
Folder path format: AzureCompliance/YYYY-MM-DD/YYYY-MM-DD-HH-00/
GCP Compliance dataset
Folder path format: GCPCompliance/YYYY-MM-DD/YYYY-MM-DD-HH-00/
Openshift Compliance dataset
Folder path format: Openshift/YYYY-MM-DD/YYYY-MM-DD-HH-00/