Fidelis Cybersecurity
Fidelis Blog


It’s your data: Halo Events Exporter

Our goal in everything we do here at CloudPassage is to make your life easier. Making your life harder would not only be pretty rude of us, it would also make it far less likely you or anyone else would want to use our services. That certainly wouldn’t make our lives easier.

Chances are, you have internal compliance requirements for data retention within your organization. It is also entirely possible that these requirements go above and beyond your SLA for data retention with CloudPassage Halo. Generally speaking, we retain server events and scan details for 90 days, and summarized scan data and portal auditing events for 2 years.

This may be enough for you. It may not be enough. Regardless, this data is not locked away in Halo. It’s yours and is easily retrievable through the use of our Halo Events Exporter.

What this exporter does is quite simple: it downloads all events for a given day, writes them to plaintext JSON files, and then gzips these files. As a final, optional step, it can upload them to S3 for safekeeping.

This Events Exporter is bundled up in a Docker container, so you don’t have to worry about dependencies. You can run it as a daily cron job or just make it an occasional or one-off task. If you download more than a day’s worth of data in one go, each day is automatically broken up into multiple files. On top of this, each file’s name includes the date of the enclosed events, allowing you to safely run the tool against the same S3 bucket or local directory without unintentionally overwriting another day’s information.

Since the downloaded data is in gzipped JSON, it’s easy to access programmatically without any further processing on your part. Plus, if you do take the optional step of dumping the data into S3, the process of auditing access to S3 buckets is very straightforward, bringing smiles to the faces of compliance people everywhere. And these folks can always use another reason to smile.
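As an added illustration (not code from the Exporter project), here is one way to check a local archive directory for retention gaps: it counts events per day and lists days that have no readable file. The file-name pattern (a `YYYY-MM-DD` date in a `*.json.gz` name) and the one-JSON-array-per-file layout are assumptions, and the sample files are constructed.

```python
import datetime as dt
import gzip
import json
import re
import tempfile
import zlib
from pathlib import Path

# Assumptions (not taken from the exporter): the date appears in each file name
# as YYYY-MM-DD, and each file holds one JSON array of event objects.
DATE_RE = re.compile(r"(\d{4}-\d{2}-\d{2})")


def audit_archive(directory, start, end):
    """Return (events_per_day, missing_days, unreadable_files) for start..end inclusive."""
    counts, unreadable = {}, []
    for path in sorted(Path(directory).glob("*.json.gz")):
        match = DATE_RE.search(path.name)
        if not match:
            continue
        try:
            day = dt.date.fromisoformat(match.group(1))
            with gzip.open(path, "rt", encoding="utf-8") as handle:
                events = json.load(handle)
        except (OSError, EOFError, ValueError, zlib.error):
            unreadable.append(path.name)  # truncated gzip or invalid JSON
            continue
        counts[day] = counts.get(day, 0) + len(events)
    days = [start + dt.timedelta(days=n) for n in range((end - start).days + 1)]
    missing = [d for d in days if d not in counts]  # no readable file for that day
    return counts, missing, unreadable


def build_sample(directory):
    """Constructed sample data: one day split in two files, one absent day, one truncated file."""
    def write(name, events):
        Path(directory, name).write_bytes(gzip.compress(json.dumps(events).encode()))
    write("events_2024-03-01_1.json.gz", [{"type": "constructed_a"}, {"type": "constructed_b"}])
    write("events_2024-03-01_2.json.gz", [{"type": "constructed_c"}])
    write("events_2024-03-03_1.json.gz", [{"type": "constructed_d"}])
    whole = gzip.compress(json.dumps([{"type": "constructed_e"}] * 50).encode())
    Path(directory, "events_2024-03-04_1.json.gz").write_bytes(whole[:20])  # cut short


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_archive(tmp, dt.date(2024, 3, 1), dt.date(2024, 3, 4)))
```

A day whose only file is truncated is reported both as unreadable and as missing, so a failed download is not mistaken for coverage.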

You can access the Halo Events Exporter (or Archiver) on GitHub right here:

As with all of our community-supported tools, you should only use the Exporter if you understand it well enough to support it on your own. Should you discover any problems while using it, feel free to open an issue in the GitHub project. Guidelines for contributing are included in the file, found in the GitHub repository.
