Reporting formats: CSV and XML examples

You can download the data in CSV or XML format. You specify the format by adding a header to the command line.

Format headers
Header Format
Accept: text/csv CSV
Accept: text/xml XML (Default)

Review this information about the examples:

  • You can use any HTTP client tool to download the data, such as cURL or wget. The examples use cURL.
  • The time range specified in the examples is 3600 seconds or 60 minutes.
  • Data downloaded in CSV format includes the request_timestamp field, while data downloaded in XML format does not.

CSV example

curl --insecure --verbose --header 'Accept: text/csv'
--header 'x-mwg-api-version: 3' --compressed --user <user:password>
https://msg.mcafeesaas.com/mwg/api/reporting/forensic/12345678?
filter.requestTimestampFrom=1527279524&filter.requestTimestampTo=1527283124&
order.0.requestTimestamp=asc

This command returns a header row containing the names of the fields downloaded by version 3. This row is followed by one line of data for each web request in the specified time range. All names and values are in quotes and separated by commas.

  • Header row
    "user_id","username","source_ip","http_action","server_to_client_bytes",
    "client_to_server_bytes","requested_host","requested_path","result","virus",
    "request_timestamp_epoch","request_timestamp","uri_scheme","category",
    "media_type","application_type","reputation"
  • Sample data
    "-1","name","x.x.x.x","POST","112","1024","x.x.x.x","/","OBSERVED","","1527279524",
    "2018-05-25 20:18:44","http","Internet Services","","","Minimal Risk"

XML example

curl --insecure --verbose --header 'Accept: text/xml'
--header 'x-mwg-api-version: 3' --compressed --user <user:password>
https://msg.mcafeesaas.com/mwg/api/reporting/forensic/12345678?
filter.requestTimestampFrom=1527279524&filter.requestTimestampTo=1527283124&
order.0.requestTimestamp=asc

This command returns version 3 data in XML document format, shown with sample values. One set of data is returned for each web request in the specified time range. All values are in quotes.

<?xml version="1.0" encoding="UTF-8"?>
<wdsForensicReport>
<request userID="-1" userName="name" sourceIP="x.x.x.x" httpAction="POST" 
serverToClientBytes="112" clientToServerBytes="1024" requestedHost="x.x.x.x" 
requestedPath="/" result="OBSERVED" virus="" request_timestamp_epoch="1527279524" 
uriScheme="http" category="Internet Services" mediaType="" applicationType="" 
reputation="Minimal Risk"/>
</wdsForensicReport>