Create a CSV File
Generate a CSV file from the artifacts that
were added to an export list. By default, the CSV file is formatted to
contain a single row for each artifact; the row includes full WildFire
analysis details for the artifact, and commas separate the WildFire analysis
details within each row.
You can format the CSV file to support
a block list for a Palo Alto Networks firewall and to export additional
artifact metadata.
- ClickExportson the navigation pane.
- Select an export list to open, and choose artifacts to export:Export all artifacts in an export list:
- ClickExport All Items.
- Verify that theExport Rowsoption is set toAll.To quickly export all artifacts from the Exports page, clickExportin the Actions column of the export list.
Export artifacts based on the time period they were added to an export list:- ClickExport All Items.
- SetExport RowstoIn Date Range.
- Use theAdded Timefields to export artifacts based on the date and time range that the artifact was added to the export list.To quickly export artifacts within a date range from the Exports page, clickExportin the Actions column of the export list.
Export selected artifacts:- Select one or more artifacts to export:
- ClickExport Selected Items.
- (Optional) Format the CSV file to be compatible with a Palo Alto Networks firewall.SelectFormatted for PAN-OS block list.You can use the CSV file as a dynamic block list (PAN-OS 7.0 or earlier) or an external dynamic list (PAN-OS 7.1 or later), but the firewall only supports certain types of artifacts. Learn more about how to Use Export Lists with the Palo Alto Networks Firewall.
- (Optional) Export additional artifact data.SelectExport Metadata.This option adds the following columns to each artifact row:
- Added Time—The date and time that the artifact was added to the export list.
- Section—The artifact activitycategory.
- Label—The name of the export list.
- Value—The artifact that was added to the export list.
- SHA256—The SHA256 hash of the sample that the artifact was found with.
- SHA1—The SHA1 hash of the sample that the artifact was found with.
- MD5—The MD5 hash of the sample that the artifact was found with.
- Author Email—The email address of the user who added the artifact to the list.
- SelectExportto generate the CSV file.Use the CSV file to import AutoFocus data into a security information and event management (SIEM) tool, or Use Export Lists with the Palo Alto Networks Firewall.
