FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
Customers often need to export all incident data into a .CSV file for audit requirements. You can export the incident data from the UI; however, if the number of incidents is large, direct export from the UI becomes tedious.
To export a large number of incidents, you can use the attached playbook (Playbooks - Record CSV Export) to export thousands of records into a .CSV file. The earlier version of this playbook (Export Incidents As CSV) is also attached for backward compatibility.
The following updates have been made in the Record CSV Export playbook collection:
Handled empty date fields; earlier they were getting set to Jan 01 1970.
Handled multiselect picklists; earlier a JSON object was written instead of a comma-separated list.
Updated the column names to use the module field labels.
Sorted the fields according to the fields that are selected in the query with __selectFields.
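The four behaviors listed above, shown as an added Python example; this is not the code of the attached playbook. The record shape (picklist objects carrying an itemValue key, dates as epoch seconds), the field names, and the labels are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample data: field names, labels and record shape are assumptions.
SELECT_FIELDS = ["name", "severity", "tags", "resolveddate"]  # order of the selected fields
FIELD_LABELS = {"name": "Name", "severity": "Severity",
                "tags": "Tags", "resolveddate": "Resolved Date"}
DATE_FIELDS = {"resolveddate"}
RECORDS = [
    {"severity": {"itemValue": "High"}, "name": "Phishing mail",
     "tags": [{"itemValue": "email"}, {"itemValue": "user-reported"}],
     "resolveddate": 1700000000},
    {"severity": {"itemValue": "Low"}, "name": "Port scan",
     "tags": [], "resolveddate": None},
]


def format_value(field, value):
    """Render one field value as the text that goes into a CSV cell."""
    if field in DATE_FIELDS:
        # An empty date stays empty; converting None/0 would yield Jan 01 1970.
        if not value:
            return ""
        return datetime.fromtimestamp(value, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    if isinstance(value, list):
        # Multiselect picklist: join the item values instead of dumping JSON.
        return ", ".join(str(v.get("itemValue", "")) if isinstance(v, dict) else str(v)
                         for v in value)
    if isinstance(value, dict):
        # Single-select picklist: keep only the display value.
        return str(value.get("itemValue", ""))
    return "" if value is None else str(value)


def records_to_csv(records, select_fields, labels):
    """Build CSV text: label headers, columns in the order of select_fields."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([labels.get(f, f) for f in select_fields])
    for rec in records:
        writer.writerow([format_value(f, rec.get(f)) for f in select_fields])
    return out.getvalue()


if __name__ == "__main__":
    print(records_to_csv(RECORDS, SELECT_FIELDS, FIELD_LABELS))
```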
In the Record CSV Export playbook collection, all you need to do is update the 'Configuration' step of the 'Export Filtered Records as CSV' playbook to change the sender email address, receiver email address, module to export, filters to apply, etc.