<p>Export functionality is designed to automatically generate signatures for intrusion detection systems. To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artifacts. Support for more attribute types is planned.
<br/>
<p>Simply click on any of the following buttons to download the appropriate data.</p>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all as XML', array('action' => 'xml', 'download'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all events and attributes that you have access to <small>(except file attachments)</small> in a custom XML format.
</div>
</div>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all signatures as CSV', array('action' => 'csv', 'download'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all attributes that are indicators and that you have access to <small>(except file attachments)</small> in CSV format.
</div>
</div>
<div class="row bottom-buffer">
<div class="span3">
<?php echo $this->Html->link('Download all as CSV', array('action' => 'csv', 'download', '0','1'), array('class' => 'btn btn-block full-width')); ?>
</div>
<div class="span9">Click this to download all attributes that you have access to <small>(except file attachments)</small> in CSV format.
<div class="span9">Click on one of these two buttons to download all MD5 or SHA1
checksums contained in file-related attributes. This list can be
used to feed forensic software when searching for susipicious files.
Only <em>published</em> events and attributes marked as <em>IDS
Signature</em> are exported.
</div>
</div>
<p>
Click on one of these buttons to download all the attributes with the matching type. This list can be used to feed forensic software when searching for susipicious files. Only <em>published</em> events and attributes marked as <em>IDS Signature</em> are exported.