Export incidents queue to CSV files
Applies to:
- Microsoft Defender XDR
The Export feature allows you to export the data in the incident queue that is displayed according to the applied filters and time ranges. It's available in the form of a button named Export, as displayed in the following screenshot:
When you click the Export button, the data is exported to a CSV file. You can apply various filters and time ranges to the incidents queue (not just in the context of exporting the data, but in a generic context). When you select Export, whichever filters and/or time ranges are applied to the incidents queue, such data is exported to the CSV file.
Once you export the incidents queue-related data onto the CSV file, you can analyze the data and filter it further, based on your requirements.
For example, for the data on the CSV file, you can apply filters to view the following data:
- Data regarding how many high-severity incidents you had in the last 30 days.
- Data regarding who is your most productive analyst.
Note
The maximum number of records you can export to a CSV file is 10,000.
If you have thoughts or suggestions about the new Export feature (the Export button) for the incident queue, contact Microsoft team or send your feedback through the Microsoft Defender portal.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.
Feedback
Bald verfügbar: Im Laufe des Jahres 2024 werden wir GitHub-Issues stufenweise als Feedbackmechanismus für Inhalte abbauen und durch ein neues Feedbacksystem ersetzen. Weitere Informationen finden Sie unter https://aka.ms/ContentUserFeedback.
Feedback senden und anzeigen für