CSV File
CSV File is a read-only key-value store that is derived from a CSV file and stored in memory.
Rows from the CSV are identified by column and stored in an object where the value
from the column becomes the key and the remaining values from the row become the
value.
For example, given the file content below (and setting the column to "bar") the data is mapped to this structure:
foo,bar,baz
qux,quux,corge
grault,garply,waldo
fred,plugh,xyzzy
{"garply":{"baz":"waldo","foo":"grault"},"plugh":{"baz":"xyzzy","foo":"fred"},"quux":{"baz":"corge","foo":"qux"}}
Settings
| Field | Type | Description | Required |
|---|---|---|---|
| file | string | the location of the CSV file. this can be either a path on local disk, an HTTP(S) URL, or an AWS S3 URL. | Yes |
| column | string | determines which rows from the CSV file are loaded into the store as keys. | Yes |
| delimiter | string | the delimiting character (e.g., comma, tab) that separates values in rows in the CSV file. this is optional and defaults to comma (","). | No |
| header | string | overrides the header in the CSV file. this is optional and defaults to using the first line of the CSV file as the header. | No |
Use Cases
Zeek Threat Intelligence
Zeek uses tab-separated values (TSV) files to load operational threat intelligence into the platform and match it against parsed network metadata. The same TSV files can be loaded into a CSV file KV store to enable indicator matching for structured data.
The Configuration Library includes a pattern that supports the intelligence feeds provided by Critical Path Security.
Updated over 1 year ago