Skip to main content
Pulsedive Feed gives you direct, automated access to Pulsedive’s threat intelligence dataset in bulk. Instead of querying individual indicators through the API, Feed lets you pull the entire dataset, or a filtered subset, on a schedule that fits your workflow. Feed is designed for recurring, automated ingestion. You configure your export once using a Direct URL or TAXII endpoint, point your tooling at it, and pull fresh data on a regular cadence.
Pulsedive Feed, our bulk export service, is a separate product from the Pulsedive API. The Pulsedive API includes an unrelated feed endpoint which retrieves metadata about the third-party source feeds that Pulsedive ingests. To learn more about Pulsedive Feed, visit pulsedive.com/about/feed.

What You Get

A Pulsedive Feed subscription includes:
  • Bulk export of Pulsedive’s indicator dataset
  • Configurable filters for indicator type, risk level, time period, and retirement status
  • A Direct URL for automated CSV ingestion
  • STIX/TAXII 2.1 export (depending on plan)
Export access and available options vary by pricing plan.

What You Can Do

Take advantage of Pulsedive’s knowledge base:
  • Alert on high-risk indicators: Import your Feed export into a SIEM, SOAR, or Splunk and correlate against network logs to surface high-risk activity.
  • Enrich logs locally: Integrate Feed data into your existing pipelines to enrich logs without making individual API requests per indicator.
  • Block potential threats proactively: Use high-risk IP, URL, and domain exports to populate blocklists in your security controls.

Export Formats

Pulsedive Feed supports two export formats:
  • CSV: A flat file export delivered via a configurable Direct URL. Available on all Feed plans.
  • STIX/TAXII 2.1: Structured threat intelligence objects delivered via a TAXII 2.1 server. Available on Standard and Complete plans.
To decide which format fits your use case, visit Choose an Export Format.