To use this feature, you must have a Pulsedive Feed plan.
Your export access and available options are determined by your plan.
| CSV | STIX/TAXII 2.1 | |
|---|---|---|
| Best for | Flat file ingestion, SIEMs, custom pipelines, spreadsheets | Platforms with native TAXII support, structured CTI workflows |
| Delivery | Direct URL (HTTP download) | TAXII 2.1 server endpoint |
| Output | Flat CSV rows, one indicator per row | STIX 2.1 objects (indicators and threats) |
| Filtering | Configured in the Direct URL | Query string parameters on each request |
| Fault tolerance | Retry the full request on failure | Resume from a timestamp or pagination token |
| Plans | All Feed plans | Standard and Complete only |
Choose CSV if…
- Your SIEM, SOAR, or pipeline ingests flat files.
- You want simplicity: one URL, one file, straightforward parsing.
- You need broad compatibility with tools that don’t natively speak TAXII.
- You’re on a Light Feed plan.
Choose STIX/TAXII 2.1 if…
- Your security platform (such as Microsoft Azure Sentinel or OpenCTI) natively supports TAXII 2.1.
- You need structured threat objects alongside indicators.
- You want fault-tolerant pagination: if a pull fails, you can resume from where you left off using a timestamp or pagination token rather than restarting the full download.
- You’re on a Standard or Complete Feed plan.