
Free Threat Intel for Your SIEM: A 5-Minute Setup Guide

  • Writer: Patrick Duggan
  • Jan 25
  • 2 min read

Updated: Apr 25


What You Get

| Format   | Endpoint                            | Use Case                         |
|----------|-------------------------------------|----------------------------------|
| YARA     | /api/v1/detection-rules/yara        | File scanning, malware detection |
| Suricata | /api/v1/detection-rules/suricata    | Network IDS/IPS                  |
| Sigma    | /api/v1/detection-rules/sigma/ioc   | SIEM-agnostic detection          |
| Bundle   | /api/v1/detection-rules/bundle      | All formats as ZIP               |


Base URL: https://analytics.dugganusa.com


Current coverage: 270K+ IOCs, 2,500+ blocked IPs, 351 adversaries, 1,499 CISA KEV entries.





Splunk



Option 1: Sigma Conversion (Recommended)



# Install sigma-cli
pip install sigma-cli pysigma-backend-splunk



Option 2: Direct SPL Queries



# Download pre-built Splunk queries
curl -s https://analytics.dugganusa.com/api/v1/detection-rules/bundle -o rules.zip
unzip rules.zip
cat splunk/dugganusa-queries.spl



Option 3: Threat Intel Framework



Upload the CSV form of the feed (https://analytics.dugganusa.com/api/v1/stix-feed?format=csv) as a lookup table in Settings > Lookups, then match it against your own events. The lookup name dugganusa_iocs, the index and the src_ip field below are placeholders for your environment:

index=firewall earliest=-24h
| lookup dugganusa_iocs ip AS src_ip OUTPUT confidence, actor
| where isnotnull(actor)
| table _time, src_ip, actor, confidence





Microsoft Sentinel (Azure)



Option 1: KQL Direct Query



// External threat intel join
let ThreatIntel = externaldata(ip:string, confidence:int, actor:string, country:string)
    [@"https://analytics.dugganusa.com/api/v1/stix-feed?format=csv"]
    with (format="csv", ignoreFirstRecord=true);
CommonSecurityLog
| where TimeGenerated > ago(24h)
| join kind=inner (ThreatIntel | where confidence > 50) on $left.SourceIP == $right.ip
| project TimeGenerated, SourceIP, actor, confidence, country, DeviceAction



Option 2: Sigma via Azure Function



# Convert Sigma to KQL
sigma convert -t microsoft365defender dugganusa.yml > sentinel_rules.kql



Option 3: Threat Intelligence Blade


  1. Go to Sentinel > Threat Intelligence

  2. Add Data Connector > Threat Intelligence - TAXII

  3. API Root: https://analytics.dugganusa.com/taxii2/

  4. Collection: stix-feed




IBM QRadar



Option 1: Reference Set Import



# Download IP blocklist: the first CSV column is the ip; NR>1 skips the header row
curl -s "https://analytics.dugganusa.com/api/v1/stix-feed?format=csv" | \
  awk -F',' 'NR>1 {print $1}' > malicious_ips.txt
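Both the Sentinel KQL join above and the QRadar reference-set import assume the CSV feed is clean. The following is an added example, not code from the original post or from DugganUSA: it parses a feed in the column layout the KQL externaldata() schema declares (ip, confidence, actor, country), drops rows that do not parse or that point at private address space, then performs the same confidence > 50 join over a few constructed firewall events and emits a sorted list for a reference set. The sample rows and events are constructed and use documentation address ranges.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed sample in the CSV layout the page's KQL externaldata() schema
# declares (ip, confidence, actor, country). Rows are invented and use
# documentation address ranges, not real feed data.
SAMPLE_FEED_CSV = """ip,confidence,actor,country
203.0.113.10,90,APT-Example,XX
198.51.100.7,40,Commodity-Loader,YY
203.0.113.10,90,APT-Example,XX
10.0.0.5,95,Bogus-Internal,ZZ
not-an-ip,80,Garbage,ZZ
2001:db8::1,75,APT-Example,XX
"""

# Constructed events shaped like the CommonSecurityLog columns the KQL join uses.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2025-01-25T10:00:00Z", "SourceIP": "203.0.113.10", "DeviceAction": "allow"},
    {"TimeGenerated": "2025-01-25T10:01:00Z", "SourceIP": "198.51.100.7", "DeviceAction": "allow"},
    {"TimeGenerated": "2025-01-25T10:02:00Z", "SourceIP": "192.0.2.99", "DeviceAction": "deny"},
]

# Address space that an external feed must never drive blocks or alerts on:
# a poisoned or mis-parsed row here would turn the feed into a self-inflicted outage.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


@dataclass(frozen=True)
class Indicator:
    ip: str
    confidence: int
    actor: str
    country: str


def is_local(addr) -> bool:
    # IPv4 addresses never match IPv6 networks (and vice versa), so mixing is safe.
    return any(addr in net for net in LOCAL_NETS)


def parse_feed(csv_text: str, min_confidence: int = 0) -> dict:
    """Parse the CSV feed into {ip: Indicator}.

    Rows are dropped when the ip does not parse, is local/private, or scores
    below min_confidence. Duplicate ips keep the highest confidence seen.
    """
    out = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            addr = ipaddress.ip_address((row.get("ip") or "").strip())
            conf = int(row.get("confidence") or "")
        except ValueError:
            continue  # malformed row: skip rather than fail the whole import
        if is_local(addr) or conf < min_confidence:
            continue
        key = str(addr)
        if key not in out or out[key].confidence < conf:
            out[key] = Indicator(key, conf, row.get("actor", ""), row.get("country", ""))
    return out


def enrich_events(events, intel, min_confidence: int = 50) -> list:
    """Inner join of events with the feed on SourceIP, keeping only indicators
    with confidence strictly above min_confidence (the same filter as the KQL)."""
    hits = []
    for ev in events:
        ind = intel.get(ev["SourceIP"])
        if ind is None or ind.confidence <= min_confidence:
            continue
        hits.append({**ev, "actor": ind.actor, "confidence": ind.confidence, "country": ind.country})
    return hits


def reference_set_lines(intel, min_confidence: int = 0) -> list:
    """Sorted, de-duplicated ip list ready for a QRadar reference set import."""
    return sorted(ip for ip, ind in intel.items() if ind.confidence >= min_confidence)


if __name__ == "__main__":
    intel = parse_feed(SAMPLE_FEED_CSV)
    print("\n".join(reference_set_lines(intel, 50)))
    for hit in enrich_events(SAMPLE_EVENTS, intel):
        print(hit)
```

The local-address filter is the part worth keeping even if you drop the rest: a single bad row in a third-party feed can otherwise block your own gateway once it lands in a reference set that drives firewall rules.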



Option 2: Sigma Conversion



sigma convert -t qradar dugganusa.yml > qradar_rules.xml



Option 3: Suricata Integration (via QRadar Network Insights)



# Copy Suricata rules
curl -s https://analytics.dugganusa.com/api/v1/detection-rules/suricata \
  -o /etc/suricata/rules/dugganusa.rules





Elastic SIEM



Option 1: Detection Rules API



# Convert Sigma to Elastic detection rules (ndjson for import via the Detection Rules API);
# "lucene" is the backend identifier of pysigma-backend-elasticsearch
pip install sigma-cli pysigma-backend-elasticsearch
sigma convert -t lucene -f siem_rule_ndjson dugganusa.yml > elastic_rules.ndjson



Option 2: Threat Intel Filebeat Module



# filebeat.yml
filebeat.modules:
  - module: threatintel
    otx:
      enabled: false
    misp:
      enabled: true
      var.url: "https://analytics.dugganusa.com/api/v1/stix-feed"
      var.interval: 1h



Option 3: Elasticsearch Ingest Pipeline





# Requires an enrich policy named dugganusa-iocs (keyed on the feed's ip field)
# to have been created and executed first; the pipeline then adds matches under "threat"
PUT _ingest/pipeline/threat-intel-enrichment
{
  "processors": [{
    "enrich": {
      "policy_name": "dugganusa-iocs",
      "field": "source.ip",
      "target_field": "threat"
    }
  }]
}





Google Chronicle



Option 1: Chronicle SIEM Feed



# Chronicle accepts STIX 2.1 natively
# Configure in Chronicle: Settings > Feeds > Add Feed
# URL: https://analytics.dugganusa.com/api/v1/stix-feed
# Format: STIX 2.1
# Interval: 1 hour



Option 2: YARA Rules for Chronicle



# Download YARA rules
curl -s https://analytics.dugganusa.com/api/v1/detection-rules/yara \
  -o dugganusa.yar



Option 3: UDM Search with IOCs



// Chronicle UDM query
metadata.event_type = "NETWORK_CONNECTION"
AND target.ip IN %dugganusa_blocklist





Quick Start: All-in-One Bundle


Don't want to think about formats? Download everything:



curl -s https://analytics.dugganusa.com/api/v1/detection-rules/bundle -o dugganusa-rules.zip
unzip dugganusa-rules.zip
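Unzipping a downloaded rule bundle straight into a rules directory is where an archive-path problem ("zip slip": member names such as ../../etc/... or absolute paths) would land files outside the intended directory. The following is an added example, not code from the original post or from DugganUSA: it builds a constructed stand-in for the bundle that includes two such hostile member names, vets every member against an explicit policy, and extracts only the accepted ones. The expected top-level directories (yara/, suricata/, sigma/, splunk/) are an assumption based on the formats listed above and the splunk/ path shown earlier.

```python
import io
import posixpath
import zipfile
from pathlib import Path

# Top-level directories a bundle is expected to contain; assumed from the
# formats listed on the page and the `splunk/` path it shows.
EXPECTED_PREFIXES = ("yara/", "suricata/", "sigma/", "splunk/")


def build_sample_bundle() -> bytes:
    """Constructed stand-in for dugganusa-rules.zip (not the real bundle), with two
    member names of the kind an archive-traversal payload would carry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("yara/dugganusa.yar", "rule placeholder { condition: false }\n")
        zf.writestr("splunk/dugganusa-queries.spl", "index=firewall | head 1\n")
        zf.writestr("../../etc/suricata/rules/evil.rules", "# would land outside the extraction dir\n")
        zf.writestr("/etc/passwd", "root:x:0:0\n")
    return buf.getvalue()


def vet_bundle(zip_bytes: bytes, dest: str = "rules") -> tuple:
    """Return (safe, rejected) member names for the archive.

    Rejected: absolute names, names that escape dest via '..', directory entries,
    symlinks, and anything outside the expected top-level directories.
    """
    safe, rejected = [], []
    dest_path = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            norm = posixpath.normpath(name)
            target = (dest_path / norm).resolve()
            # Unix mode bits live in the high 16 bits of external_attr; 0o120000 is a symlink.
            is_symlink = ((info.external_attr >> 16) & 0o170000) == 0o120000
            if (
                name.startswith(("/", "\\"))
                or norm == ".." or norm.startswith("../")
                or dest_path not in target.parents
                or info.is_dir() or is_symlink
                or not name.startswith(EXPECTED_PREFIXES)
            ):
                rejected.append(name)
                continue
            safe.append(name)
    return safe, rejected


def extract_vetted(zip_bytes: bytes, dest: str) -> list:
    """Extract only the members vet_bundle() accepted; returns the written paths."""
    safe, _ = vet_bundle(zip_bytes, dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in safe:
            out = Path(dest) / name
            out.parent.mkdir(parents=True, exist_ok=True)
            out.write_bytes(zf.read(name))
            written.append(str(out))
    return written


if __name__ == "__main__":
    safe, rejected = vet_bundle(build_sample_bundle())
    print("accepted:", safe)
    print("rejected:", rejected)
```

The prefix allow-list is the policy knob: if the feed adds a new directory to the bundle, its members are rejected until you extend EXPECTED_PREFIXES, which is the behaviour you want for files that end up in a rules path loaded by a privileged daemon.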





Update Frequency

| Feed            | Update Interval | Best Practice     |
|-----------------|-----------------|-------------------|
| STIX Feed       | Real-time       | Poll every 15 min |
| Detection Rules | Daily           | Poll every 24h    |
| YARA/Suricata   | Daily           | Poll every 24h    |
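Polling on the intervals above only helps if each pull is turned into a delta against what the SIEM already holds, and if indicators the feed stops carrying eventually leave the blocklist. The following is an added example, not code from the original post or from DugganUSA: a small store that tracks first_seen/last_seen per indicator across polls, returns the additions and removals to push to a reference set or watchlist, and ages out indicators absent for a configurable TTL. The poll intervals are the ones in the table; the seven-day TTL and the three constructed polls are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Polling intervals from the Update Frequency table on the page.
POLL_INTERVALS = {
    "stix_feed": timedelta(minutes=15),
    "detection_rules": timedelta(hours=24),
    "yara_suricata": timedelta(hours=24),
}


def poll_due(feed: str, last_poll: datetime, now: datetime) -> bool:
    """True when the feed's best-practice interval has elapsed since last_poll."""
    return now - last_poll >= POLL_INTERVALS[feed]


class IndicatorStore:
    """Tracks first_seen/last_seen per indicator across polls.

    apply_poll() returns (added, removed): what to push to and drop from the
    SIEM reference set or watchlist. Indicators the feed has not carried for
    `ttl` are aged out, so the blocklist follows the feed instead of growing forever.
    """

    def __init__(self, ttl: timedelta = timedelta(days=7)):
        self.ttl = ttl  # assumed retention; tune to your own false-positive tolerance
        self.entries = {}  # ip -> {"first_seen": datetime, "last_seen": datetime}

    def apply_poll(self, indicators, now: datetime) -> tuple:
        added, removed = set(), set()
        for ip in indicators:
            meta = self.entries.get(ip)
            if meta is None:
                self.entries[ip] = {"first_seen": now, "last_seen": now}
                added.add(ip)
            else:
                meta["last_seen"] = now
        for ip, meta in list(self.entries.items()):
            if now - meta["last_seen"] > self.ttl:
                del self.entries[ip]
                removed.add(ip)
        return added, removed

    def active(self) -> list:
        return sorted(self.entries)


def run_demo() -> dict:
    """Three constructed polls showing add, carry-over and age-out (sample data, not feed output)."""
    t0 = datetime(2025, 1, 25, tzinfo=timezone.utc)
    store = IndicatorStore(ttl=timedelta(days=7))
    p1 = store.apply_poll({"203.0.113.10", "198.51.100.7"}, t0)
    p2 = store.apply_poll({"203.0.113.10", "192.0.2.99"}, t0 + timedelta(days=1))
    p3 = store.apply_poll({"203.0.113.10"}, t0 + timedelta(days=9))
    return {
        "poll1": p1, "poll2": p2, "poll3": p3, "active": store.active(),
        "due_after_10m": poll_due("stix_feed", t0, t0 + timedelta(minutes=10)),
        "due_after_15m": poll_due("stix_feed", t0, t0 + timedelta(minutes=15)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Persist `entries` between runs (a JSON file or a small table is enough); without it every restart re-adds the whole feed and loses the age-out history.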





Caching Headers


All endpoints return Cache-Control: no-cache - you'll always get fresh data.





Questions?


  • API Docs: https://analytics.dugganusa.com/docs/stix-feed.md

  • Dashboard: https://analytics.dugganusa.com/dashboard

  • Contact: [email protected]



Free for non-commercial use. Commercial use requires attribution to DugganUSA LLC.



