Forum Discussion
How to view ingested traffic logs on MCAS
Microsoftkaushal28 Thanks for the feedback! If you go to Discovered apps > there is an export button where you can export the data in an excel form. Hope this helps!
Caroline_LeeThanks for your reply! I've tried exporting the data from where you mentioned but it seems like it's the data of discovered applications only and not the original CEF data which I've ingested for that discovery. The same options are also available under IP addresses and Users tab, but it only exports the respective discovery related data and not the original one.
The purpose of being able to view/export the exact data which I have ingested is to verify whether my ingestion script is working perfectly or not (I want to use continuous reports). Now if I can only see the data fields/records on which the discovery is successful, I would not be able to exactly say whether the data I ingested had no findings when MCAS ran discovery on it or my script messed up and MCAS never actually received that data to perform discovery on.
So for this purpose, only the count of the number of records received by MCAS is also enough. Is there such an option available yet on the MCAS platform?
Thanks!- Caroline_Lee
kaushal28 Thanks for the clarification. Currently, you cannot see the actual data ingested in MCAS but you can see the # of uploaded logs if you go to Settings > Log Collector > Datasource tab.
- Caroline_Lee I just checked it and it seems it's displaying the number of log files uploaded so far for any data source (and not the actual number of logs because each log file can have a large number of logs).
Anyways, Thanks for your reply!
