Export policy sets

This topic describes how to export policy set details to a CSV report, allowing you to analyze policy configurations in a structured, easy-to-read format, perform in-depth analysis of your security landscape, and share insights with relevant stakeholders.

Note: Per each vendor, you can download scheduled updated Policy reports (in CSV) containing all policies in a compressed .gz archive. The report contains information about the related assets and the summary of the risks associated with each rule. The report is created once a day and downloaded using Download Scheduled Policy Report API. To enable this feature, contact support.

Export policy set details to a CSV file

For AWS SG, Azure NSG, Azure Firewall Policies, and Google Cloud Policies

You can export a list of policy sets to a CSV file according to selected entities in the tree and filters (Vendor, Account, VNet/VPC, etc.).

About the exported CSV file:

  • The first line of the CSV report contains metadata including report generation time, information about any filters set when exporting the CSV, and other relevant settings.

  • The second line contains the table column headers.

  • The remaining lines in the CSV contain the report data.

  • CSV marker explanations:

    • , (comma): Used to separate fields.

    • | (vertical bar): Used to separate multiple values in a single field.

      Note regarding risks: Multiple risks detected on a single rule are shown in the Risk ID, Risk Title, and Risk Severity columns, separated by vertical bars (|). Each value relates to the value in the same position in the other columns.

    • : (colon): In the first line of the CSV report, the colon separates the name of the field from its value. For example, Time zone:Asia/Jerusalem.

      The colon is also used in the Affected assets column to separate elements in the affected assets path. For example: AutomationAccount:eu-central-1:AwsVPC:vpc-c82b3ba3:Frankfurt_ec2_auto.

    • . (period): Used to distinguish between hours and minutes when writing a time value. For example: 20.53.

      The period also separates the key-value pairs in tags. For example: App.MyApp.

  • If you open the CSV in MS Excel, to make it human readable you need to make some adjustments for AWS. Format the column account number and set the number of decimal places to 0.

Do the following:

  1. Click NETWORK POLICIES in the left navigation. In the tree, select AWS SG Policies, Azure Policies, or GCP Firewall Policies.

    • For Azure Policies: Select the Azure NSG tab or the Azure Firewall tab.

    • For GCP Firewall Policies: Select the Firewall Policies tab or the Hierarchical Policies tab.

      Note: Hierarchical rules only appear in the report exported from the Hierarchical Policies tab and not in reports exported from the Firewall Policies tab.

  2. (Optional) Use the filters to view a specific set of policies. (For more details see Search policy sets and Filter displayed policy sets).

    Note: While rules from merged policy sets might not appear in the filtered results displayed in the Policy page, they do appear in the exported report.

  3. (Optional) Set the Cleanup view filter:

    • All rules (default): Display policies and rules in the security groups that match the selected filters.

    • Unused rules: Display only policies containing unused rules and the unused rules found in the security groups that match the selected filters.

  4. (Optional) To exclude risk information in the CSV report, toggle Show risks to off.

  5. Click .

    The Export Report popup appears.

  6. (Optional) By default, the report name consists of the name of the vendor and the date the report was generated. Enter a new name for the report.

  7. Click Export.

    The report is downloaded to your computer.

    Note: To find risk details associated with the rule, use the rule CFID as the common identifier between policy CSV report and the risk CSV report. For details, see Export risk and risk trigger details.

    Note: The report does not include:

    • Policy sets with no rules

    • Information regarding suppressed risks like count and risks details

    Note: Report generation can take up to 20 minutes.