Export Anomalies to a CSV File
You can download a CSV file containing the details for each anomaly. The report includes data related to the selected table elements.
NOTE: When you export Superhuman Anomalies to a CSV file, you will only get a sample of filtered anomalies. It will not be a complete list of anomalies, so counts in the user interface and the exported file will not match. This is the expected behavior.
To download a CSV file:
- Go to Incidents > Anomalies > Anomalies.
- Select the anomaly from the table you wish to export.
- Click Actions > Download CSV.
The following information is captured in the CSV file:
| Field Name | Description |
|---|---|
| Activity Names | The specific name of more than 100 possible activities performed. |
| Anomaly Category | Displays anomaly category. The four anomaly categories are Access Anomalies, Administration Anomalies, Data Anomalies, and Custom Anomalies. |
| Anomaly Cause | The reason for which the anomaly occurred. |
| Anomaly Duration | The interval at which the threshold is evaluated to detect an anomaly (hourly, daily, weekly, or monthly). |
| Anomaly Generated Time | The recorded time when the anomaly occurred. (This is dynamically adjusted to the local time zone of your computer.) |
| Anomaly ID | The unique number of the Anomaly. |
| Anomaly Significant Updated Time | Displays the last time a significant change occurred in the anomaly, such as an update to the risk score or severity. |
| Anomaly Status | Displays the current status of the anomaly, such as Archived, False positive, Opened, New, resolved, or Suppressed. |
| Anomaly Type | Displays the anomaly type. The anomaly type is derived from the anomaly category (such as Superhuman Anomaly, Anomalous Access Location Anomaly, etc). |
| Anomaly Updated Time | Displays the latest update time for the anomaly. |
| Comments | A paragraph describes the current anomaly and how it was generated, based on Skyhigh CASB's definitions. You can use this information to understand better what the anomaly represents and why it may pose a risk to your data security. |
| Instance Name | Displays the specific resource instance affected by the anomaly. |
| Owner | Displays the name of the user who triggered the anomaly. |
| Risk Score | The default Risk Score provided by Skyhigh CASB is based on sanctioned user activities and incidents and is scored from 1 to 9. Green is Low (1-3), Yellow is Medium (4-6), and Red is High (7-9). |
| Service Name | Displays the name of the cloud service where the anomaly was detected. |
| Sev | Each anomaly is ranked based on severity:
|
| Threshold Value | Displays the threshold limit that defines when activity is considered an anomaly. |
| User Name | Displays the name of the user who triggered the anomaly. |
| User UID | Unique user identification number in your organization. |