Skip to main content
Skip table of contents

Exporting Findings

Security for Confluence allows users to export CSV files containing findings in the spaces for which they have administration privileges. This can be done from the Soteri Dashboard, or when viewing a particular space’s Security Analysis.

Exporting findings is very time-consuming and there is currently no way to monitor the progress of exports. See below for more information.

Exporting findings from the dashboard

To export all findings for all spaces for which you have administration privileges, click the Export button at the top of the Soteri Dashboard:

There are three options, all of which are in CSV format:

  • A Dashboard overview export of the list of spaces visible on the dashboard together with their individual scan status, up to date status, and the number of unreviewed findings in that space.

  • An All findings export contains the scan results for the space.

  • A Reviewed false positives export contains reviewed false positives, including who reviewed them and when they were reviewed. Reviewed false positives are scoped per-space and apply to all future and past findings in the space that match exactly.

Exporting space findings from the dashboard

To export findings for a particular space from the Soteri Dashboard, use the Export button in the Action Menu for the space:

overview__scan-from-dashboard.png

Finally, when viewing the Security Analysis for a particular space, you can use the Export Space dropdown at the top of the page:

Performance

Security for Confluence only stores the locations of findings, not their actual text. To perform an export, Security for Confluence therefore must query Confluence to retrieve the text of all content with findings, which can be very time consuming. This is particularly noticeable for full instance exports. A large full instance export could potentially take an hour or more.

Additionally, currently Security for Confluence does not provide feedback about the progress of the export—it will appear as if nothing is happening until the download suddenly completes. If you wish to confirm an export is still in progress, use your browser’s developer tools to inspect network requests, and filter by requests to the findings endpoint—if the request is open, the export is proceeding.

Deduplicate findings in exports

If you want to show every finding occurrence in your export reports, you can disable the Deduplicate findings in exports setting. Otherwise, findings will be presented once for every page they’re discovered in, even if the are discovered more than once in the history of that page, blog post, or attachment. This behavior presents an export similar to the layout of the Security Analysis page.

image-20241109-004713.png

Columns in exported findings reports

Following are the column names in the exported reports, in order, most of which are self-explanatory:

  1. Space key

  2. Content title

  3. Content ID

  4. Latest content version, or Content version if the “Deduplicate findings in exports” setting is disabled.

  5. Historical: if this scan finding is historical.

  6. Rule name

  7. Match text: the exact match text of the finding. This can be used to review the finding; see Hiding false positives, revoked credentials, etc. .

  8. Reviewed?

  9. Publication time

  10. Full text: the complete text of the fragment, or, if it is too long, then only the specific text that triggered the finding.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close