Importing external data from flat files - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

You can import the records contained in a flat file into Security Center through a record type.

Before you begin

What you should know

The Record Caching Service accepts the following file types:
JSON
JavaScript Object Notation.
BSON
Binary JSON.
CSV
Comma-separated values.
TSV
Tab-separated values.
SSV
Semi-colon-separated values.
GPX
GPS Exchange Format.
KML, KMZ
Keyhole Markup Language.
IMPORTANT: Note the following requirements:
  • The first row of CSV, TSV, and SSV files is ignored. It is assumed to be a header row.
  • With JSON files, the names and types of the fields defined in your record type must match the names and types of the fields found in the data file. The order of the fields is not important.
  • With all other types of files, the order and type of the fields defined in your record type must match the order and types of the fields found in the data file. The field names are not important.

Procedure

  1. Open the System task and click the Roles view.
  2. Select the Record Caching Service role that manages the record type you want to import data from, and click the Properties tab.
  3. Select the record type that matches the format of the data file you want to import and click Import data.
    Record import - Before the import.
    A file browser opens.
  4. Select the file you want to import and click Open.
    A progress bar is shown. Depending on the size of your data file, this might take a while.
    Record import - During the import.
  5. Click Logs to view the status of the current import operation.
    After the import is complete, the total number of records in your record type is updated.
    Record import - After the import.
  6. Click Last import logs to view your last import operation logs.
    The logs are replaced at every new import operation.
  7. If your record type is configured to raise events on ingestion, open Security Desk and do one of the following:
    • Open the Monitoring task to view the events corresponding to the ingested data items.

      If your record type is georeferenced, switch to map view to view the events on a map.

    • Open the Maps task to view the events that fall within the areas (geofences) defined on the map.
    • Open the Unified report task to query the ingested data using specific criteria.
    For more information, see Investigating record types.