Exporting data from Detective

You can export data from the Amazon Detective Summary page and search results page. The data is exported in comma-separated values (CSV) format. The file name of the exported data follows the pattern detective-page-panel-yyyy-mm-dd.csv format. You can enrich your security investigations by manipulating the data using other AWS services, third-party applications, or spreadsheet programs that support CSV import.

Note

If an export is currently in progress, wait until the export is complete before you try to export additional data.

You can export a comma-separated values (.csv) file that contains data from the following panels and pages in Detective:

Summary page
- Roles and users with the most API call volume panel
- EC2 instances with the most traffic volume panel
- EKS clusters with the most Kubernetes pods created panel
Search page – If your search returns more than 10,000 results, only the top 10,000 results are exported. Changing the sorting order changes the returned results.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Searching for a finding or entity

Archiving a GuardDuty finding