All CSV exports in the Red Canary platform are now delivered via Shared Files and include header information that describes the export and each field in the document. CSV exports have been added to several of the existing Red Canary reports.
All CSV exports are now generated asynchronously to eliminate timeouts that occasionally occurred when downloading certain reports for extremely large enterprises. The background generation of these reports means that we can continue to add fields and context without needing pagination or other suboptimal workarounds.
Delivered via shared files
The shared files capability allows you to securely exchange files with Red Canary without using insecure mechanisms such as email. All CSV exports will now be delivered via these shared files so sensitive reports never cross email.
Most security teams perform much of their analysis in the world's premier security analysis platform: Microsoft Excel. CSVs, like most other export formats, have always struggled to describe the fields in the export.
After much brainstorming, research, and testing, we determined that including headers in each CSV export would provide readers with exactly the information they need to consume the data without relying on other documentation that might drift or have changed since the export was generated.
A little known part of the CSV spec allows for header comments that begin with a "#". We've also verified that the primary consumers of CSVs (Excel and Python / Powershell / Ruby scripts) could read CSVs with these headers, and all had no problems.
Every CSV exported from Red Canary now includes header information like the below: