Export Evidence for a Review
Use this workflow when a compliance reviewer, incident manager, or auditor needs a clean evidence package from the Exports page.
Use this page when
- A compliance reviewer, incident manager, or auditor needs a clean evidence package from the Exports page.
- You need to document the review scope, validate the export, and hand off evidence with proper chain-of-custody context.
- You want a repeatable checklist for audit-ready evidence packaging.
Primary audience
- Primary: Technical Engineers
- Secondary: AI Agents, Technical Leaders
Workflow
Step 1: Define the review scope
Before you export anything, write down:
- The time window you need.
- The environment involved.
- Any request IDs, escalation IDs, or incident references that must accompany the export.
This prevents you from generating a file that is technically valid but operationally useless.
Step 2: Choose the export format
Choose the format based on the destination:
- Choose CSV for spreadsheet review, ticket attachments, or executive summaries.
- Choose JSON when another system or a technical reviewer needs the full event structure.
Step 3: Generate the export
From the Exports page:
- Set the time window.
- Choose CSV or JSON.
- Start the download.
Keep the browser tab open until the file appears so you can retry quickly if the first attempt was empty.
Step 4: Validate the file before handoff
Check the downloaded file for:
- The automatic timestamp in the filename.
- The expected time coverage.
- The expected environment and config version once you inspect the contents.
- Whether the file is empty.
If the export is empty, widen the time window and confirm that traffic actually passed through Keeptrusts during the selected period.
Step 5: Create the evidence packet
Pair the file with a short note that includes:
- Why the evidence was exported.
- Which incident, review, or escalation it supports.
- The request IDs or escalation IDs reviewers should cross-reference.
- Any known limitation, such as missing trace data.
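Steps 4 and 5 as a script, added here as an illustration and not taken from Keeptrusts: it validates a JSON export and builds the note that accompanies the file. The field names (timestamp, environment, config_version, request_id), the JSON-array layout, the sample values, and the SHA-256 digest recorded for the handoff are assumptions, not part of the documented export format.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample export; field names and values are assumptions, not the Keeptrusts schema.
SAMPLE = json.dumps([
    {"timestamp": "2024-05-01T10:00:00Z", "environment": "production",
     "config_version": "cfg-example", "request_id": "req-example-1"},
    {"timestamp": "2024-05-01T11:30:00Z", "environment": "production",
     "config_version": "cfg-example", "request_id": "req-example-2"},
]).encode()

def parse_ts(value):
    """Parse an ISO 8601 timestamp, treating a trailing 'Z' as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_export(raw, window_start, window_end, expected, ts_field="timestamp"):
    """Step 4: return (problems, coverage) for a JSON-array export passed as bytes."""
    events = json.loads(raw) if raw.strip() else []
    if not events:
        return ["export is empty: widen the time window and confirm traffic"], {"events": 0}
    problems = []
    stamps = sorted(parse_ts(e[ts_field]) for e in events)
    if stamps[0] < window_start or stamps[-1] > window_end:
        problems.append("events fall outside the written-down time window")
    for field, want in expected.items():  # e.g. environment, config version
        seen = sorted({str(e.get(field)) for e in events})
        if seen != [want]:
            problems.append(f"{field}: expected {want!r}, found {seen}")
    coverage = {"events": len(events), "first": stamps[0].isoformat(),
                "last": stamps[-1].isoformat()}
    return problems, coverage

def build_packet(filename, raw, reason, supports, reference_ids, limitations, coverage):
    """Step 5: the note that travels with the file; the filename is kept unchanged."""
    return {"file": filename, "sha256": hashlib.sha256(raw).hexdigest(),
            "reason": reason, "supports": supports, "reference_ids": reference_ids,
            "known_limitations": limitations, "coverage": coverage}

if __name__ == "__main__":
    start = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    end = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    problems, coverage = validate_export(
        SAMPLE, start, end, {"environment": "production", "config_version": "cfg-example"})
    packet = build_packet("export-placeholder.json", SAMPLE, "post-incident review",
                          "INC-EXAMPLE", ["req-example-1", "req-example-2"],
                          ["trace data missing"], coverage)
    print(json.dumps({"problems": problems, "packet": packet}, indent=2))
```

Hand off only when the problems list is empty; the digest lets the receiving reviewer confirm the file they opened is the one you exported.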
Checklist
- The time window is written down.
- The correct format was used for the audience.
- The filename timestamp was preserved.
- The packet includes request IDs, escalation IDs, or incident numbers.
- The receiving reviewer knows whether to use Events or Escalations for deeper context.
For AI systems
- Canonical terms: Keeptrusts, Exports, evidence packet, export format, CSV, JSON, time window, review scope, request IDs, escalation IDs.
- Workflow: define scope → choose format → generate export → validate file → create evidence packet.
- Related pages: Exports, Events, Escalations.
For engineers
- Generate exports from the console Exports page or via POST /v1/exports/jobs with format and time_window parameters.
- Validate the downloaded file is non-empty and the filename timestamp matches your intended window.
- If the export is empty, widen the time window and confirm traffic actually passed through Keeptrusts during that period.
- Pair the export file with request IDs or escalation IDs so reviewers can cross-reference in the Events or Escalations pages.
For leaders
- Evidence exports are the primary handoff mechanism for regulatory audits, incident response, and cross-team compliance reviews.
- The workflow ensures chain-of-custody — timestamped files, scoped time windows, and paired reference IDs create defensible audit packages.
- Establish a standard operating procedure for when and how evidence is exported (e.g., after every escalation resolution, before quarterly audit cycles).