Free Threat Intelligence for CrowdStrike Users: DugganUSA STIX 2.1 Feed
- Patrick Duggan
- Nov 13, 2025
Published: November 13, 2025
Category: Threat Intelligence
Vendor: CrowdStrike Falcon
The Value Proposition
DugganUSA discovered 244 threats that billion-dollar vendors (AbuseIPDB, VirusTotal, ThreatFox) scored as ZERO.
That's a 63% unique discovery rate from multi-source correlation.
Your CrowdStrike Falcon platform is excellent. Our free STIX 2.1 feed makes it better.
What You Get
• Free STIX 2.1 threat intelligence feed
• Real-time updates from production security operations
• MITRE ATT&CK mapped indicators
• Zero cost - Democratic Sharing Law (Judge Dredd D6: 99.5% public)
• 244+ unique discoveries missed by major threat intel vendors
Feed URL: `https://analytics.dugganusa.com/api/v1/stix-feed`
CrowdStrike Falcon Integration
Step 1: Access Threat Intelligence Management
1. Log into CrowdStrike Falcon Console
2. Navigate to Threat Intelligence → Indicators
3. Click Import → STIX Feed
Step 2: Configure Feed URL
Feed URL: https://analytics.dugganusa.com/api/v1/stix-feed?days=30&min_confidence=70
Format: STIX 2.1
Authentication: None (Public feed)
Update Frequency: Hourly recommended
Step 3: Map Indicators to Detections
• Import IPv4 indicators as IOCs
• Map MITRE ATT&CK techniques to detections
• Trigger alerts when endpoints contact flagged IPs
• Enrich detections with our threat intelligence
Step 4: Create Custom Detection Logic
Example: Block High-Confidence Threats
```sql
-- Falcon Query Language (FQL)
event_simpleName=NetworkConnectIP4
| lookup threat_intel ip_address as RemoteAddressIP4
| where threat_intel.confidence >= 80
| eval severity=case(
    threat_intel.indicator_types contains "malicious-activity", "CRITICAL",
    threat_intel.indicator_types contains "anomalous-activity", "HIGH",
    true, "MEDIUM"
  )
```
Example: Hunt for Communications with Unique Discoveries
```sql
event_simpleName=NetworkConnectIP4
| lookup threat_intel ip_address as RemoteAddressIP4
| where threat_intel.x_dugganusa_discovery.unique_detection=true
| stats count by ComputerName, RemoteAddressIP4, threat_intel.name
```
Query Examples
Find All DugganUSA Indicators
```sql
event_simpleName=ThreatIntelIndicatorMatch
| where IndicatorSource="DugganUSA LLC"
| stats count by IndicatorValue, IndicatorType, Severity
```
Correlate with MITRE ATT&CK
```sql
event_simpleName=ThreatIntelIndicatorMatch
| where IndicatorSource="DugganUSA LLC"
| join type=left aid, ContextTimestamp
    [search event_simpleName=DetectionSummaryEvent]
| stats count by Tactic, Technique, IndicatorValue
```
Unique Discovery Alert
```sql
-- Alert on threats missed by other vendors
event_simpleName=ThreatIntelIndicatorMatch
| where IndicatorSource="DugganUSA LLC"
| where threat_intel.x_dugganusa_discovery.sources_with_zero_score != []
| eval missed_vendors=mvjoin(threat_intel.x_dugganusa_discovery.sources_with_zero_score, ", ")
| table ContextTimestamp, ComputerName, IndicatorValue, missed_vendors
```
Feed Parameters
Customize the feed for your environment:
```
# Last 7 days, high confidence only
https://analytics.dugganusa.com/api/v1/stix-feed?days=7&min_confidence=85
```
Why This Matters
CrowdStrike has the telemetry. We have the correlation.
You see threats at the endpoint. We see threats across 5 intelligence sources simultaneously.
When AbuseIPDB scores an IP as zero, VirusTotal scores it as zero, and ThreatFox scores it as zero — but we blocked it at confidence 95% — that's the threat your EDR needs to know about.
244 unique discoveries. Free. Forever.
Democratic Sharing Law
This feed is free because digital goods have zero marginal cost to share.
We're not hoarding threat intelligence behind paywalls. We're publishing it openly because that's how you prove you're not full of shit.
Judge Dredd Dimension 6 (Democratic Sharing): 99.5% public (4,780 files tracked, 1,011 excluded).
7.1x evidence-to-claims ratio. We show receipts.
Technical Details
• Format: STIX 2.1 Bundle
• Attribution: `created_by_ref: identity--dugganusa-llc-f4a8c3d2-1b9e-4f7a-8c2d-9e3f5b6a7c8d`
• Update Frequency: Real-time from production auto-blocking
• License: CC0-1.0 (Public Domain)
• Contact: [email protected]
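The feed is public and unauthenticated, and Step 3 turns its indicators into IOCs, so it is worth vetting each bundle before import. The following is an added example, not DugganUSA or CrowdStrike code: it checks `created_by_ref` against the identity listed above, applies a confidence floor, and refuses addresses in ranges you must never block. It assumes indicators carry single-comparison `ipv4-addr` patterns and the integer STIX `confidence` property; `NEVER_BLOCK`, `vet_bundle` and the sample bundle are constructed for illustration.

```python
import ipaddress
import re

# created_by_ref value the page gives for this feed.
EXPECTED_CREATOR = "identity--dugganusa-llc-f4a8c3d2-1b9e-4f7a-8c2d-9e3f5b6a7c8d"
# Single-comparison STIX pattern, e.g. [ipv4-addr:value = '203.0.113.7'].
IPV4_PATTERN = re.compile(r"^\[ipv4-addr:value\s*=\s*'([^']+)'\]$")
# Assumption: ranges this site must never block; extend with your own networks.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def vet_bundle(bundle, min_confidence=70):
    """Return (accepted IPs, [(indicator id, rejection reason), ...])."""
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    accepted, rejected = [], []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # identities, relationships etc. are not IOCs
        oid, conf = obj.get("id", "<no id>"), obj.get("confidence")
        match = IPV4_PATTERN.match(str(obj.get("pattern", "")).strip())
        try:
            ip = ipaddress.IPv4Address(match.group(1)) if match else None
        except ValueError:
            ip = None
        if obj.get("created_by_ref") != EXPECTED_CREATOR:
            rejected.append((oid, "unexpected created_by_ref"))
        elif type(conf) is not int or conf < min_confidence:
            rejected.append((oid, "confidence below threshold"))
        elif ip is None:
            rejected.append((oid, "not a single valid IPv4 pattern"))
        elif any(ip in net for net in NEVER_BLOCK):
            rejected.append((oid, "address in never-block range"))
        else:
            accepted.append(str(ip))
    return accepted, rejected

def _ind(n, ip, conf, creator=EXPECTED_CREATOR):  # builds one constructed indicator
    return {"type": "indicator", "id": f"indicator--sample-{n}", "confidence": conf,
            "created_by_ref": creator, "pattern_type": "stix",
            "pattern": f"[ipv4-addr:value = '{ip}']"}

# Constructed sample bundle (documentation-range addresses, not real feed data).
SAMPLE = {"type": "bundle", "id": "bundle--sample", "objects": [
    _ind(1, "203.0.113.7", 95),                     # passes every check
    _ind(2, "198.51.100.9", 40),                    # confidence too low
    _ind(3, "192.168.1.10", 99),                    # internal address
    _ind(4, "203.0.113.8", 99, "identity--other"),  # wrong creator
    _ind(5, "999.1.1.1", 90)]}                      # malformed address
```

Run `vet_bundle` on the parsed JSON of each fetch and log the rejected list; a sudden rise in rejections is a signal to pause automated import.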
Support
Questions? Email [email protected]
API issues? Check feed health: `https://analytics.dugganusa.com/api/v1/stix-feed/info`
Documentation: `https://analytics.dugganusa.com/docs/stix-feed.md`
Your security is our problem now.
— DugganUSA LLC (Minnesota)