> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pulsedive.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Choose an Export Format

> Compare CSV and STIX/TAXII 2.1 to find the right format for your security workflow.

<Callout icon="map-pin" color="#8b5cf6" iconType="regular">
  To use this feature, you must have a Pulsedive [Feed](https://pulsedive.com/about/feed) plan.
  Your export access and available options are determined by your plan.
</Callout>

Pulsedive Feed supports two export formats: CSV and STIX/TAXII 2.1.
The right choice depends on your use case, the tools you're integrating with, and your Feed plan.

|                     | CSV                                                        | STIX/TAXII 2.1                                                |
| ------------------- | ---------------------------------------------------------- | ------------------------------------------------------------- |
| **Best for**        | Flat file ingestion, SIEMs, custom pipelines, spreadsheets | Platforms with native TAXII support, structured CTI workflows |
| **Delivery**        | Direct URL (HTTP download)                                 | TAXII 2.1 server endpoint                                     |
| **Output**          | Flat CSV rows, one indicator per row                       | STIX 2.1 objects (indicators and threats)                     |
| **Filtering**       | Configured in the Direct URL                               | Query string parameters on each request                       |
| **Fault tolerance** | Retry the full request on failure                          | Resume from a timestamp or pagination token                   |
| **Plans**           | All Feed plans                                             | Standard and Complete only                                    |

## Choose CSV if...

* Your SIEM, SOAR, or pipeline ingests flat files.
* You want simplicity: one URL, one file, straightforward parsing.
* You need broad compatibility with tools that don't natively speak TAXII.
* You're on a Light Feed plan.

To get started, visit [CSV Export](/export/csv).

## Choose STIX/TAXII 2.1 if...

* Your security platform (such as Microsoft Azure Sentinel or OpenCTI) natively supports TAXII 2.1.
* You need structured threat objects alongside indicators.
* You want fault-tolerant pagination: if a pull fails, you can resume from where you left off using a timestamp or pagination token rather than restarting the full download.
* You're on a Standard or Complete Feed plan.

To get started, visit the [STIX/TAXII documentation](/taxii/overview).
