The Universal CSV Parser Action parses selected CSV files using ThreatQ default mappings for the columns.

Note:  Input CSV files must have the column headers present in the file.

The action will parse the CSV file and create indicators based on the columns present in the file as well as normalize the data in the columns to the appropriate data types.

The integration provides the following action:

• Universal CSV Parser - parses CSV files and creates indicators, attributes, and relationships based on the columns present in the file.

The action is compatible with File object types (CSV files).

The action returns the following enriched system objects:

• Adversaries
• Attack Patterns
• Indicators
• Malware
• Tags

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.