Export Jobs: Generating Audit-Ready Compliance Reports

Audit evidence goes wrong when teams treat it as a last-minute download. Keeptrusts approaches exports as a job workflow instead: choose an explicit date window, request the right artifact format, watch the job move from queued to completed, and then download a file whose name, scope, and metadata make sense to a reviewer. That is what turns a browser action into an evidence package you can defend later.

Use this page when

• You need event evidence for an audit, incident review, regulator request, or internal control check.
• You want a structured compliance artifact instead of an ad hoc CSV attachment.
• You need job history, expiry visibility, and downloadable artifacts instead of a one-shot export button.

Primary audience

• Primary: Technical Engineers and Compliance Operators
• Secondary: Technical Leaders and Audit stakeholders

The problem

Evidence exports fail for ordinary reasons.

The time window is wrong. The format is wrong for the audience. The exported file is technically valid but missing the identifiers reviewers need. Or the file is so large that a synchronous request becomes unreliable and nobody can tell whether the job actually finished.

The deeper issue is that “export” means different things to different consumers.

• An engineer may want raw JSON for a deeper investigation.
• A compliance lead may want a structured report aligned to a framework.
• An auditor may need a bundle with a manifest and integrity metadata.

If your tooling only supports one of those cases, teams start improvising. That is how evidence packages become inconsistent across quarters and across teams.

The solution

The Keeptrusts Exports page gives you a two-part workflow.

The first part is request creation. You choose a start date, an end date, and a format. The page includes quick ranges such as the last 24 hours, last 7 days, last 30 days, and last 90 days so you can set common audit windows quickly.

The second part is job history. Once a job is requested, it lives in a queue-backed history table with explicit status, event count, expiry, and available actions. That is important because evidence jobs are operational artifacts, not just downloads.

The available formats map to distinct use cases.

For raw-data exports, the page supports csv and json.

For compliance reporting, the page supports several structured outputs, including compliance-aesia, compliance-aepd, compliance-ens, and compliance-all. The bundle format is especially useful because it can include a manifest and multiple projected artifacts, which is closer to how real compliance handoffs work.

Implementation

The page is easiest to use if you separate scoping from downloading.

1. Decide the review question first.
2. Set the date window that matches that question.
3. Pick a format that matches the audience.
4. Submit the export job.
5. Watch the history table until the job completes.
6. Download the artifact and package it with the necessary reference IDs.

The date controls are more important than they look. The page validates that the start date is not after the end date, and the quick ranges help standardize recurring exports so monthly and quarterly reviews do not drift into arbitrary windows.

Format selection is where most teams should slow down.

Use csv when the destination is spreadsheet review or a simple control check.

Use json when another technical system or reviewer needs raw event structure.

Use a compliance-report format when the audience needs something closer to a formal artifact than a raw event dump.

Use compliance-all when you want the bundle behavior. In the current console implementation, that option projects a tarball-style bundle with artifacts such as:

manifest.json
compliance-aesia.json
compliance-aepd.json
compliance-ens.json

That bundle path matters because it gives reviewers both the generated reports and the metadata that explains what the bundle contains.

The history table is what makes this useful operationally. Jobs have explicit states such as queued, processing, completed, failed, and expired. The page refreshes more aggressively while jobs are still in progress, so you do not need to guess whether a long-running export is still moving.

The generated filenames are also predictable. Raw exports follow patterns like:

kt_2026-05-01_to_2026-05-31.csv
kt_2026-05-01_to_2026-05-31.json
kt_2026-05-01_to_2026-05-31_compliance-all.tar.gz

That consistency is more useful than it sounds. Filenames become part of the chain-of-custody story when evidence is passed across teams.

If you prefer automation or need the same output in scripts, the CLI mirrors the asynchronous export-job model:

kt export-jobs create --type events --format csv \
  --date-from 2026-05-01 --date-to 2026-05-31

Then monitor and download the artifact:

kt export-jobs get --id job_abc123
kt export-jobs download --id job_abc123 --output may-evidence.csv

In practice, that means the console and CLI are complementary. The console is excellent for scoped, operator-driven evidence requests. The CLI is useful when you want the same workflow in runbooks or scheduled operational routines.

One reliable workflow for an internal review looks like this:

1. Open Exports and set the review window.
2. Choose csv if the reviewers want tabular data, or json if engineering will inspect the raw payloads.
3. Submit the job and wait for completion.
4. Download the file.
5. Pair the artifact with the request IDs, escalation IDs, and config version involved in the review.

For a broader compliance review, use the bundle path instead:

1. Set the date range for the audit period.
2. Choose compliance-all.
3. Wait for the job to complete.
4. Open the manifest if you need to confirm artifact inventory or integrity details.
5. Hand off the bundle together with your incident or audit note.

That extra step around manifest and artifact inventory is what makes the export more than a download. It turns the output into a review packet.

Results and impact

Teams that use export jobs properly spend less time recreating evidence context after the fact. They know which date range was requested, which file format was used, whether the artifact was ready for download, and when it will expire.

That predictability matters for both routine compliance work and incident response. A regulator or internal auditor usually cares as much about scope and provenance as about the rows inside the file. The export-job workflow makes those details visible.

It also reduces operational friction. Large or formal exports no longer need to be jammed into a synchronous browser action. They can run as background jobs and still be easy to retrieve later.

Key takeaways

• Treat the review question and date window as part of the export, not as details to remember later.
• Choose raw-data or compliance-report formats based on the audience.
• Use the history table to track queued, processing, completed, failed, and expired jobs.
• The compliance-all option is the right fit when you need a manifest-backed bundle instead of a single raw file.
• Pair every download with event IDs, escalation IDs, or config versions so the artifact remains usable outside the exporting team.

Next steps

• Export Evidence for a Review
• kt export-jobs
• Reviewing Alerts and Evidence
• How To: Resolve an Escalation
• Policies overview
• Managing Policy Changes
• Templates overview
• Knowledge Base