Import Command Flags
AGDS import flags control how exported data is applied to an air-gapped ThreatQ system. They influence data integrity, performance, and overwrite behavior, but do not affect incremental tracking, which is handled entirely on the export side. They are designed to balance performance, data fidelity, and overwrite behavior while maintaining a safe, repeatable import process.
All flags for the threatq:sync-import command, other than the --file flag, will use the default value unless otherwise defined by the user.
| Flag | Explanation |
|---|---|
| `--file` | This flag is required. The flag specifies the relative path within the default `/var/lib/threatq/agds_transfer` directory that the export tarball is imported into. The following example will import the export tarball file to `kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-import --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--keep-created-at` | This flag controls how `created_at` timestamps are handled for imported objects and uses a Yes/No argument. The default value is Y (Yes) and preserves the earliest `created_at` timestamp between the source and target ThreatQ instances. Setting the flag to N (No) sets the `created_at` timestamp to the current time for the imported objects. As the default value for the flag is Y, you only need to include the flag in import commands if you do not want to use the earliest timestamp for imported objects. The command below will use the current date and time for the `kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-import --keep-created-at=N --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--object-limit` | This flag sets the limit for the number of objects updated or inserted at a time. When using this flag, the size of the data sets on both source and target ThreatQ installations should be taken into account. While increasing this value will result in faster imports on larger systems, setting it could also hinder performance. The default value is 1000. The example below sets the object limit for the import command to 5000. `kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-import --object-limit=50000 --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--memory-limit` | This flag sets the PHP memory limit in megabytes or gigabytes. The default value is 2g. Increasing this value is helpful when processing large investigations or when the import process originally failed due to memory exhaustion. The example below sets the new memory limit to 4 gigabytes. `kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-import --memory-limit=4G --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--override-description` | This flag determines if descriptions on existing objects on the target ThreatQ installation are updated, using a Yes/No argument. The default value is Yes. This flag is useful if you want to preserve analyst-curated descriptions on the target system. If an existing object has a NULL description, it will be updated regardless of the use of this flag. The example below will preserve the existing descriptions when importing. `kubectl exec --namespace threatq --stdin --tty deployment/api-schedule-run -- ./artisan threatq:sync-import --override-description=N --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |

| Flag | Explanation |
|---|---|
| `--file` | This flag is required. The flag specifies the relative path within the default `/var/lib/threatq/agds_transfer` directory that the export tarball is imported into. The following example will import the export tarball file to `sudo ./artisan threatq:sync-import --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--keep-created-at` | This flag controls how `created_at` timestamps are handled for imported objects and uses a Yes/No argument. The default value is Y (Yes) and preserves the earliest `created_at` timestamp between the source and target ThreatQ instances. Setting the flag to N (No) sets the `created_at` timestamp to the current time for the imported objects. As the default value for the flag is Y, you only need to include the flag in import commands if you do not want to use the earliest timestamp for imported objects. The command below will use the current date and time for the `sudo ./artisan threatq:sync-import --keep-created-at=N --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--object-limit` | This flag sets the limit for the number of objects updated or inserted at a time. When using this flag, the size of the data sets on both source and target ThreatQ installations should be taken into account. While increasing this value will result in faster imports on larger systems, setting it could also hinder performance. The default value is 1000. The example below sets the object limit for the import command to 5000. `sudo ./artisan threatq:sync-import --object-limit=50000 --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--memory-limit` | This flag sets the PHP memory limit in megabytes or gigabytes. The default value is 2g. Increasing this value is helpful when processing large investigations or when the import process originally failed due to memory exhaustion. The example below sets the new memory limit to 4 gigabytes. `sudo ./artisan threatq:sync-import --memory-limit=4G --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
| `--override-description` | This flag determines if descriptions on existing objects on the target ThreatQ installation are updated, using a Yes/No argument. The default value is Yes. This flag is useful if you want to preserve analyst-curated descriptions on the target system. If an existing object has a NULL description, it will be updated regardless of the use of this flag. The example below will preserve the existing descriptions when importing. `sudo ./artisan threatq:sync-import --override-description=N --file=import/runs/tqSync-19-01-16-1547660837-8345.tar.gz` |
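
The following pre-flight check is an added example, not ThreatQ code: it validates flag values against the constraints described in the tables above and prints the resulting `./artisan` command line, which can then be run with `sudo` or through `kubectl exec`. The function name `build_import_cmd`, the rejection of `..` path components, the restriction to the literal values `Y` and `N`, and the `m`/`g` suffix set for the memory limit are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for threatq:sync-import arguments.
# build_import_cmd and its validation rules are assumptions based on the flag
# descriptions on this page; they are not part of ThreatQ.

# Default transfer directory named on the page (overridable for testing).
AGDS_DIR=${AGDS_DIR:-/var/lib/threatq/agds_transfer}

# Usage: build_import_cmd FILE [KEEP_CREATED_AT] [OBJECT_LIMIT] [MEMORY_LIMIT] [OVERRIDE_DESC]
# Prints the artisan command line on success; returns 1 with a message on stderr otherwise.
build_import_cmd() {
    file=$1; keep=${2:-Y}; objs=${3:-1000}; mem=${4:-2g}; desc=${5:-Y}

    # --file is required and relative to AGDS_DIR: refuse empty, absolute or ".." paths.
    case $file in
        ''|/*|..|../*|*/..|*/../*)
            echo "bad --file '$file': must be a relative path inside $AGDS_DIR" >&2
            return 1 ;;
    esac
    if [ ! -f "$AGDS_DIR/$file" ]; then
        echo "tarball not found: $AGDS_DIR/$file" >&2
        return 1
    fi

    # Yes/No flags: accept only the Y and N values shown on the page.
    for v in "$keep" "$desc"; do
        case $v in
            Y|N) ;;
            *) echo "expected Y or N, got '$v'" >&2; return 1 ;;
        esac
    done

    # --object-limit: positive integer without a leading zero.
    case $objs in
        ''|0*|*[!0-9]*) echo "bad --object-limit '$objs'" >&2; return 1 ;;
    esac

    # --memory-limit: digits plus an m/M or g/G suffix (suffix set is an assumption).
    num=${mem%[mMgG]}
    case $num in
        "$mem"|''|0*|*[!0-9]*) echo "bad --memory-limit '$mem'" >&2; return 1 ;;
    esac

    printf './artisan threatq:sync-import --keep-created-at=%s --object-limit=%s --memory-limit=%s --override-description=%s --file=%s\n' \
        "$keep" "$objs" "$mem" "$desc" "$file"
}
```

Omitted optional arguments fall back to the documented defaults (Y, 1000, 2g, Y), so the printed command always states every flag explicitly.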