Exporting Data

Previous Next

S4E Cloud lets you download data from lists, dashboards, and detail views for analysis, sharing, and archiving. Exports respect the filters and search you apply on the page, so narrow the view first if you only need a subset.

This page describes where each export lives in the UI. For automated exports, see Exporting via API.

Summary: export entry points

Area Path / context Typical formats
Asset List Asset Manager CSV, JSON
Security Operations Overview Dashboard workflow panel Panel Export (top right)
Scan Reports (list) Scan Reports (Reports table) PDF (Detailed / Summary), CSV, HTML (Detailed / Summary)
Single Finding / Result Scan report detail page PDF, CSV, HTML
Crawler History Comparison Crawler ResultsCrawler History Export for selected rows (with Compare)
Data Explorer Data Explorer Export from toolbar
Threat Intelligence Threat Intelligence Export from toolbar

1. Asset list (Asset Manager)

Export your asset inventory from the Asset Manager screen.

  1. Open Asset Manager (breadcrumb: Main → Asset Manager).
  2. Optional: use Search, INET, and filters (Tags, Verify Status, Advanced Security, Created At, Detection Source, More +) so the table matches what you want in the file.
  3. Click Export on the right side of the table toolbar.
  4. Choose CSV or JSON.

2. Dashboard — Security Operations Overview

The Security Operations Overview dashboard visualizes how assets flow through scanning, analysis, and posture (workflow / Sankey-style view).

  1. Open the dashboard that contains Security Operations Overview (“How your assets are protected, scanned, and monitored”).
  2. Hover or focus the Export control in the top-right of that dashboard panel (upload/export icon).
  3. Use the tooltip Export to confirm the correct control, then export using the UI action (capture of the current workflow view).

3. Scan Reports (list)

From the Scan Reports page (Main → Scan Reports), you can export the filtered table of results.

  1. Optionally filter with Search, Search Ports, INET, Asset, Tags, Severity, Status, Scan Tools, Date, and More +.
  2. Click Export on the right of the filter row.
  3. Choose a format:
    • PDF — open the submenu and pick Detailed or Summary.
    • CSV — single option (current table scope).
    • HTML — open the submenu and pick Detailed or Summary.

4. Finding (result detail)

For a single scan result, open its detail page (title shows the scanner name; breadcrumb includes Scan Reports and the target).

  1. Open the finding / result you need.
  2. Click Actions (top right).
  3. Point to Export to open the submenu.
  4. Choose PDF, CSV, or HTML.

5. Crawler history (compare export)

On Crawler History (Main → Crawler Results → Crawler History), you can select multiple runs and export in the context of comparison.

  1. Filter or search as needed (Search, Search Ports, Asset, Tags, Status, Source, Date).
  2. Use the row checkboxes to select the crawler runs to include.
  3. Selected runs appear in the Selected strip above the table.
  4. Click Export next to Compare to download export for the current selection (use Compare when you want a side-by-side view in the product).

6. Data Explorer

In Data Explorer (Main → Data Explorer):

  1. Build your view with the search box, Asset, Scan Tools, Scan Category, and Predefined Filters as needed. Use Clear to reset filters.
  2. Click Export on the right side of the filter toolbar to download data matching the current filters.

7. Threat Intelligence

On Threat Intelligence (Main → Threat Intelligence):

  1. Use Search and filters (Threat Intelligence, Asset) to scope the table.
  2. Click Export on the right of the filter bar to export the visible dataset (for example URL, username, password, source platform, breached date columns).

Export formats (reference)

CSV

Best for spreadsheets and quick analysis. Usually one row per record with a header row and UTF-8 encoding.

JSON

Best for scripts, APIs, and pipelines; preserves structure where the export includes nested fields.

PDF / HTML

Best for human-readable reports. On Scan Reports list export, PDF and HTML offer Detailed vs Summary variants; single-result export from Actions offers PDF, CSV, and HTML without that same submenu in the UI.

Exporting via API

Use POST /report/export on the public API (see Base URL). The body is JSON; authentication uses your Public API Token in the token field, consistent with other public endpoints.

Responses (from API spec):

Code Meaning
200 Report exported successfully.
401 Invalid API token.

Required body fields

Field Type Description
output_type string Export format: csv, html, pdf, or json.
token string Public API token (3256 characters).

Output and template

Field Type Default Description
template string short Report layout for applicable formats: full (equivalent to UI Detailed) or short (equivalent to UI Summary).
delimiter string , CSV delimiter: , or ;.

Filters and scope

Field Type Description
scan_output_slugs string[] Scan output slugs to include.
slug string Unique scan result id (3400 chars, pattern: alphanumeric and hyphen).
group_scan_slug string Group scan result id (same pattern).
severity integer[] 1 Information, 2 Low, 3 Medium, 4 High, 5 Critical.
asset_id integer[] Asset IDs.
asset string Filter by asset name.
scan_category_slug string[] One or more of: dns-controls, ssl-controls, misconfiguration, network-vulnerabilities, web-vulnerabilities, information-scans, product-based-web-vulnerabilities, product-based-network-vulnerabilities, exposed-panels.
report_status integer[] 0 Open, 1 Fixed, 2 Request for Approval, 3 Accepted Risk, 4 False Positive, 5 Support Ongoing, 6 No Action Required, 7 Reopened, 8 In Progress.
source integer[] 0 single-scan, 1 full-scan, 2 half-scan, 3 continuous-scan, 4 api, 5 crawl-only, 6 web-vuln, 7 global, 9 fast-scan, 10 api-group-scan, 11 single-scan-bulk-asset, 12 single-scan-bulk-url.
name string Report name filter (3300 chars).
scan_slug string Scan slug filter (3300 chars).
port integer[] Ports
tag string Filter by tag.
tag_ids integer[] Filter by tag IDs.
read boolean Filter by read / unread.
if_custom boolean Include custom fields when applicable.
started_at integer Start timestamp filter.
finished_at integer End timestamp filter.
until_date integer Include reports up to this date.

Sorting and misc

Field Type Default Description
order_by string finished_at Sort field: id, severity, or finished_at.
order_type string desc asc or desc.
count_total_only boolean false If true, return only the total count of matching reports.

Example

curl -X POST 'API_URL/report/export' \
  -H 'Content-Type: application/json' \
  -d '{
    "output_type": "json",
    "template": "full",
    "severity": [5, 4],
    "report_status": [0],
    "token": "your_api_token"
  }' \
  -o report_export.json

Replace API_URL with your API base URL. Full endpoint listing and neighboring report endpoints are under Export reports.

Tip

Combine time and asset filters (started_at, finished_at, asset_id, …) to keep each export within a manageable size. Use count_total_only first if you need to estimate volume.

Export limits

Plan Max Records per Export API Rate Limit
Starter 1,000 10 requests/minute
Professional 10,000 60 requests/minute
Enterprise Unlimited 300 requests/minute

If you approach plan limits, narrow each request with filters (time range, assets, severity) or split into multiple exports.

Data privacy

Exported data may contain sensitive information about your infrastructure:

  • Handle exports according to your organization's data handling policies.
  • Use encrypted channels when transferring export files.
  • Delete exported files when they are no longer needed.
  • API tokens used for export should have minimal required permissions.

Warning

Exported PDF and HTML reports may contain detailed vulnerability information including evidence and proof-of-concept data. Treat these as confidential documents.

What's Next?

Data Explorer Understanding Findings