Skip to main content
Skip table of contents

Exporter for Secure File Transfer Protocol (SFTP) server

This documentation references external sources. Nexthink does not have control over the accuracy of third-party documentation, nor any external updates or changes that might create inconsistencies with the information presented on this page. Please report any errors or inconsistencies to Nexthink Support.

Data Export allows you to export Nexthink data insights to an SFTP server using comma-separated CSV files and in UTF-8 format.

Configure the SFTP server to store data and create a Data Export in the Nexthink web interface to distribute it.

1. Create a storage account in the Microsoft Azure portal

If you have already configured an SFTP server, skip to the Configuring (SFTP) connector credentials section.

The SFTP server used to export data is the one provided by Azure Portal. Nonetheless, the data exporter can be configured to work with any other SFTP server available.

Create a file system using the general purpose v2 storage account in the Azure portal (not a data lake storage gen1):

  • In the Azure portal menu, select All services.

  • In the list of resources, type Storage Accounts.

  • Select Storage Accounts.

  • Select Add in the Storage Accounts window.

  • Select the subscription for which you want to create the storage account.

  • Select Create new under the Resource group field. Enter the name of your new resource group. If a resource group already exists, select it from the drop-down list.

Project details in Azure portal
  • Enter the name of your storage account. The name must be unique across the Azure portal and between 3 and 24 characters in length. It should include numbers and lowercase letters only.

  • Select a location for your storage account or use the default location.

  • Fill in the information for the rest of the tabs, Advanced, Networking, Data Protection, Encryption and Tags.

  • Select Review + Create to review your storage account settings and create the account.

2. Create a data lake container within a storage account

  • Locate your newly created storage account under Storage accounts.

  • Select the storage account you want to use.

  • You need to create a new container.

  • Select Containers, add a new container and enter a meaningful name for it, for example, openbridge-sftp.

  • Make sure access is set to Private (no anonymous access).

Data lake container
  • Click on Create.

3. Obtain SFTP credentials

  • Under Settings, select the SFTP option in the menu on the left.

SFTP option
  • Add a local user.

  • In the Username + Authentication tab, insert the username and select the password authentication method.

Username plus Authentication
  • In the Container permissions tab, select the container defined in Step 2, then grant permissions to access the container and insert the root directory. The root directory must exist in advance.

Container permissions

The Home (landing) directory must be a string with the pattern container_name/folder, otherwise the system won’t configure it properly. The system cannot locate the landing directory in the container’s root, only in a folder that exists in the root.

  • Copy the password that the system has generated once you have created the user.

  • Once you configure the user, save the following values to configure the connector credentials in the Nexthink web interface:

    • Username

    • Connection string

    • SSH password

4. Configuring SFTP connector credentials

Configure the credentials to access the SFTP server from the Nexthink web interface:

  • Select Administration from the main menu.

  • Select Connector credentials located under Integrations in the navigation panel.

Accessing connector credentials
  • Click on the New credential button located in the top-right corner of the Connector credentials page.

  • Enter a unique name.

  • Select Secure File Transfer Protocol (SFTP) as Protocol to reveal additional form elements.

  • Hostname: sftp://<connection string>:<port> from Step 3.

  • SFTP server fingerprint: execute the command ssh-keyscan <container_name>.blob.core.windows.net in the command line interface and copy the entire string starting with ecdsa-

    You can also use the string starting with ssh-rsa if the previous is not available:

  • Authorization: BASIC

  • Username: <username> from Step 3.

  • Password: <ssh password> from Step 3.

  • Click Save.

Refer to the Connector credentials documentation for more information about how to manage credentials.

5. Configure SFTP Data Export

Configure the outbound connector to export data to the SFTP server:

  • Select Administration from the main menu.

  • Click on Outbound connectors from the Integrations section of the navigation panel.

  • Select Data Exporter from the table.

  • Click on the New exporter button located at the top right of the page.

General tab

General tab
  • Select SFTP server as a destination.

  • Enter the Maximum File Size (MB).

Data tab

  • Recurrence: Select the frequency of how often the system will evaluate the NQL query.

  • NQL query: Enter the NQL query that will generate the data you wish to export to the destination.

  • Directory: Enter the directory where the system will store the result of the NQL query.

  • Click the Send test button to test the query.

  • Click Save.

NQL Examples

List of packages

CODE
package.packages 
| list name, publisher , version 

List users that are not Local

CODE
users
| where name !in ["*Local*"]

List of users that have connected to a device

CODE
session.connects during past 7d
| where hardware.type == laptop or hardware.type == desktop
| summarize c1 = count() by device.name , user.name , user.ad.full_name
| list device.name , user.name , user.ad.full_name

List of laptop and desktop workstations

CODE
devices
| where hardware.machine_serial_number != "" and (hardware.type == laptop or hardware.type == desktop)
| include cpus
| compute num_of_cores = number_of_cores.count() , number_of_cpus = count(), freq = frequency.sum()
| include disks
| compute disk_capacity = capacity.sum()
| list group_name, last_seen, first_seen, entity, hardware.manufacturer, hardware.model , operating_system.architecture , hardware.machine_serial_number , name, hardware.memory, num_of_cores , number_of_cpus , freq ,disk_capacity, operating_system.name , operating_system.build 

List of packages installed on a specific device

CODE
package.installed_packages
| summarize c1=count() by package.name, package.version , device.name
| list package.name, package.version , device.name

Troubleshooting Guide

Wrong credentials

There are many mechanisms to check whether the SFTP credentials are working:

  • Windows: Refer to Test sftp Connection from Windows and Linux article (external link).

  • Linux: Execute this command in the terminal sftp -P 22 <username>@<connection_string>

  • For SFTP clients such as FileZilla or WinSCP: Configure a new connector with the credentials defined in the documentation and check whether the system can establish a connection.

Error exporting the data

F.A.Q.

Can I use the ssh-rsa as an SFTP server fingerprint?

Yes, but it depends on the SFTP server configuration. If it has several protocols available, you should choose the most secure one, otherwise, the system may throw errors when connecting.

Can I specify the name of the file to be exported?

No, the content will be exported within a file with the following naming convention: ${data_export_name}_X_yyyymmdd-hhmmss.csv

When the Send Test is executed the content will be exported within a file with the following naming convention: Test_X_yyyymmdd-hhmmss.csv

Is it possible to add multiple NQL queries when configuring SFTP exporter and specify the name of the file to be exported?

No, it is not. The only tool that allows the addition of multiple NQL queries in the same exporter is the Azure Data Lake exporter.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.