Data Export
This guide will highlight the steps involved in exporting data from Armis
API endpoints in this page
Data export is disabled by default. Once enabled, files are created daily at midnight UTC. Queries return URLs for the latest files.
The Need for Data Export
While Armis Centrix™ provides various methods for data consumption and analysis, you may sometimes need to export data for further analysis outside of the platform. This is especially useful for integrating Armis' data with your own proprietary datasets.
Exportable Entities
The Armis API allows you to extract information for the following entities:
| Entity | Description | Time Frame |
|---|---|---|
| applications | Installed applications across your devices | 30 days (fixed) |
| device-delete-events | Records of device deletion operations | 14 or 90 days |
| device-merge-events | Records of device merge operations | 14 or 90 days |
| ip-connections | Network connection data between devices | 1 to 7 days |
| risk-factors | Security risks identified on devices | 30 days (fixed) |
| vulnerabilities | Known vulnerabilities affecting devices | 30 days (fixed) |
Configurable Time Frames
The time_frame_days parameter allows you to control the historical data range for certain entity types:
- Applications, Risk Factors, Vulnerabilities: Fixed at 30 days (parameter not applicable)
- Device Delete Events & Device Merge Events: Choose either 14 or 90 days
- IP Connections: Configure from 1 to 7 days
When enabling data export for entities with configurable time frames, specify the time_frame_days parameter. For example, to export the last 90 days of device delete events, set time_frame_days to 90.
All files are in Parquet file format, ideal for large data set. You can learn more about it here.
Example
Let's say you wish to export applications data from Armis Centrix™.
Step 1: enable export
Perquisites:
- Access token with scopes
PERMISSION.REPORT.MANAGE.CREATEandPERMISSION.REPORT.MANAGE.DELETE.
Send the request
import requests
entity = "applications"
body = {"enabled": True}
access_token = "your_access_token_here"
headers = {
"Authorization": f"Bearer {access_token}"
}
response = requests.patch(
f"https://api.armis.com/v3/data-export/{entity}",
json=body,
headers=headers,
)
response.raise_for_status()Detailed recipe
Step 2: wait for the files to be generated
Remember - when you enable data export for an entity, the first files will only be generated for the first time at the next midnight UTC (and on every following midnight UTC until disabled).
Step 3: Get the file URLs
When you export data using this method, you gain access to all data for that entity. Therefore, the access token must have access to all data within the tenant, which in practice means access to all sites and boundaries.
Perquisites:
- Access token with scopes
PERMISSION.REPORT.READandFULL_VISIBILITY.
Send the request
import json
import requests
entity = "applications"
access_token = "your_access_token_here"
headers = {
"Authorization": f"Bearer {access_token}"
}
response = requests.get(
f"https://api.armis.com/v3/data-export/{entity}",
headers=headers,
)
response.raise_for_status()
print(json.dumps(response.json(), indent=2)){
"creation_time": "2025-09-08T00:00:00",
"enabled": true,
"urls": ["url1", "url2"],
"file_format": "parquet"
}Detailed recipe
Step 4: Open the files
Download and open the Parquet files from the provided URLs using tools like Trino, Pandas, etc.
Links expire after 24 hours; download files promptly.