Export
Guardian Pro allows you to export findings from the Action Centre in structured formats for use in external reporting, auditing, integrations, or offline analysis. Exports capture the full detail of your findings, including severity, status, affected resources, remediation guidance, and compliance mappings.
Export Formats
Guardian Pro supports two export formats:
CSV
Comma-separated values. Suitable for:
- Opening in spreadsheet applications (Excel, Google Sheets).
- Importing into business intelligence or reporting tools.
- Sharing with non-technical stakeholders who prefer tabular data.
- Generating custom reports and charts.
CSV exports include one row per finding with columns for all key attributes.
JSON
JavaScript Object Notation. Suitable for:
- Programmatic processing and automation.
- Importing into SIEM, ticketing, or incident management systems.
- Integration with custom dashboards or data pipelines.
- Archiving with full structural fidelity.
JSON exports include the complete finding data structure, including nested objects like remediation steps and compliance mappings.
How to Export
- Navigate to the Action Centre.
- Optionally apply filters and lenses to narrow the findings you want to export. The export will include only the findings matching your current view.
- Click the Export button in the Action Centre toolbar.
- Select your desired format: CSV or JSON.
- The file downloads to your browser's default download location.
Apply filters before exporting to create targeted reports. For example, filter by Severity: Critical and Status: Active to export a list of all open critical findings -- perfect for an executive security briefing.
What Is Included in the Export
Each exported finding includes the following fields:
| Field | Description |
|---|---|
| Finding ID | Unique identifier for the finding. |
| Check ID | The identifier of the automated check that generated this finding. |
| Title | Summary of the issue. |
| Description | Detailed explanation of the finding. |
| Severity | Critical, High, Medium, or Low. |
| Category | Security, Cost Optimization, Operational Excellence, or Architecture. |
| Status | Current status (Active, Remediated, Suppressed, etc.). |
| Service | The AWS service category. |
| Resource ID | The identifier of the affected resource. |
| Resource ARN | The Amazon Resource Name of the affected resource. |
| Resource Name | The name tag of the affected resource (if available). |
| Region | The AWS region where the resource resides. |
| Account ID | The AWS account containing the resource. |
| First Detected | When the finding was first identified. |
| Last Evaluated | When the check was most recently run. |
| Remediation Available | Whether automated remediation is supported. |
| Remediation Steps | Instructions for resolving the issue. |
| Impact Summary | Description of what remediation will change. |
| Risk Level | Remediation risk assessment (Low, Medium, High). |
| Rollback Available | Whether remediation can be reversed. |
| Compliance Mappings | Related compliance framework controls (JSON export only). |
The JSON format preserves the full nested structure of compliance mappings and remediation steps. The CSV format flattens these into individual columns for spreadsheet compatibility.
Filtered Exports
Exports respect all currently active filters, lenses, and search criteria. This means you can create highly targeted exports by narrowing your view first:
Example: Export for Compliance Audit
- Select the Compliance lens.
- Filter by Status: Active.
- Export as CSV.
- The resulting file contains all open findings mapped to compliance controls -- ready for an auditor.
Example: Export for Cost Review
- Select the Cost Exposure lens.
- Filter by Category: Cost Optimization.
- Export as JSON.
- The resulting file contains all cost optimization findings, sorted by financial impact.
Example: Export for Service Owner
- Filter by Service: RDS and Status: Active.
- Export as CSV.
- Send the file to the database team for review and action.
Example: Export All Findings
- Ensure no filters are applied (or clear all filters).
- Select the All lens.
- Export in your preferred format.
- The resulting file contains every finding in the current account.
Export and Multi-Account
If you have selected a specific account using the account switcher, the export will contain findings for that account only. If you are viewing the aggregated view (all accounts), the export includes findings across all connected accounts, with the Account ID field identifying which account each finding belongs to.
Using Exported Data
Spreadsheet Analysis
Open a CSV export in Excel or Google Sheets to:
- Create pivot tables summarizing findings by severity, service, or region.
- Build charts showing finding distribution.
- Filter and sort to create custom prioritization views.
- Share summary tabs with stakeholders who do not have Guardian Pro access.
Integration with External Tools
Use JSON exports to feed findings into other systems:
- SIEM platforms -- Import findings for correlation with other security data.
- Ticketing systems -- Create tickets for each finding or group of findings.
- Compliance platforms -- Map findings to your organization's compliance workflow.
- Custom dashboards -- Process JSON data to populate internal reporting tools.
- Data lakes -- Archive findings for historical trend analysis.
Audit Evidence
Exports serve as point-in-time evidence for compliance audits. A filtered export showing remediated findings for a specific compliance framework demonstrates your organization's security posture at the time of the audit.
For formal audit purposes, consider exporting findings regularly (for example, weekly or monthly) and archiving them. This builds a historical record that demonstrates continuous improvement in your security posture over time.
Frequently Asked Questions
Is there a limit on export size?
Exports include all findings matching your current filters and lens. For environments with very large numbers of findings, the export may take a moment to generate. There is no hard limit on the number of findings that can be exported.
Can I schedule recurring exports?
Currently, exports are triggered manually from the Action Centre. For automated, recurring exports, consider using the Guardian Pro API or setting up a notification webhook that delivers finding data to an external endpoint on a schedule.
Are suppressed and acknowledged findings included?
Suppressed and acknowledged findings are included only if your current filters include those statuses. By default, the Action Centre shows only active findings, so you would need to explicitly filter for Suppressed or Acknowledged status to include them in the export.
Can I export from the Compliance Dashboard?
Yes. The Compliance Dashboard has its own export capability that supports PDF, CSV, and JSON formats tailored for compliance reporting. See the Compliance documentation for details.
Next Steps
- Action Centre Overview -- Return to the full overview.
- Filtering and Search -- Set up filters before exporting.
- Bulk Actions -- Take action on findings before or after exporting.
- Compliance Dashboard -- Access compliance-specific export features.