Use Canary Exporter to export your shell activity data.
Set up Canary Exporter
- In Red Canary, click your profile icon, and then click Canary Exporter.
- Select which type of data you’d like to export.
- Click Generate Credentials. This will revoke any previously generated credentials, so use this with care.
Credentials are organization specific, not specific to your user account. You will receive one AWS key pair for your organization, which should be documented and kept as safe as you would any other password. If you lose your key material, generate a new set of credentials immediately.
- Create your
config.yamlfile by following the instructions on the page.
- Run one or more exporters on a host inside your network by following the instructions on the page.
Configure shell activity data export
config.yaml, and then add the following line:
s3_select_where: “S3Object.is_shell_activity = true”