
Free Threat Intelligence for Wiz Users: DugganUSA STIX 2.1 Feed

  • Writer: Patrick Duggan
  • Nov 13, 2025
  • 3 min read

Published: November 13, 2025 | Category: Threat Intelligence | Vendor: Wiz (Cloud Security)




The Value Proposition


DugganUSA discovered 244 threats that billion-dollar vendors (AbuseIPDB, VirusTotal, ThreatFox) scored as ZERO.


63% unique discovery rate. Multi-source correlation. Free. STIX 2.1.


Your Wiz platform is excellent for cloud security posture. Our feed makes your threat detection better.




What You Get



• Free STIX 2.1 threat intelligence feed

• Real-time updates from production security operations

• MITRE ATT&CK mapped indicators

• Zero cost - Democratic Sharing Law (Judge Dredd D6: 99.5% public)

• 244+ unique discoveries missed by major threat intel vendors

• Cloud-native IOCs for AWS, Azure, GCP


Feed URL: `https://analytics.dugganusa.com/api/v1/stix-feed`




Wiz Integration


Step 1: Create Custom Integration


1. Log into Wiz Console
2. Navigate to Settings → Integrations → Custom Integrations
3. Click + Add Integration


Step 2: Configure Threat Intelligence Import



Integration Name: DugganUSA STIX Feed
Integration Type: Threat Intelligence
Description: Free threat intel - 244 unique discoveries
Source URL: https://analytics.dugganusa.com/api/v1/stix-feed?days=30&min_confidence=70
Format: STIX 2.1
Authentication: None (Public feed)
Update Schedule: Every hour
Scope: All cloud environments


Step 3: Create Security Policies


Navigate to Security → Policies → Create Policy


Policy: Alert on DugganUSA Unique Discoveries



```json
{
  "name": "Communication with DugganUSA Unique Discoveries",
  "description": "Alert when cloud resources communicate with IPs we discovered that major vendors missed",
  "severity": "HIGH",
  "query": {
    "type": "GRAPH",
    "filter": [
      {
        "type": "NetworkConnection",
        "remoteIP": {
          "in": "@dugganusa_unique_discoveries"
        }
      }
    ]
  },
  "actions": [
    "ALERT",
    "TICKET",
    "SLACK"
  ]
}
```




Wiz Query Language (WQL) Examples


Find Cloud Assets Communicating with Malicious IPs



```wql
CloudResource
  WHERE type IN ('EC2 Instance', 'Virtual Machine', 'Compute Instance')
  AND hasOutboundConnection = true
  AND outboundConnection.destinationIP IN (
    SELECT ip FROM ThreatIntelligence
    WHERE source = 'DugganUSA STIX Feed'
    AND confidence >= 80
  )
RETURN
  resource.name,
  resource.cloudPlatform,
  outboundConnection.destinationIP,
  threatIntel.confidence,
  threatIntel.unique_discovery
```


Detect Vendor-Missed Threats in AWS



```wql
EC2Instance
  JOIN NetworkConnection ON resource.id = connection.sourceResourceId
  JOIN ThreatIntelligence ON connection.destinationIP = threat.ip
WHERE
  threat.source = 'DugganUSA STIX Feed'
  AND threat.x_dugganusa_discovery.unique_detection = true
  AND threat.x_dugganusa_discovery.sources_with_zero_score CONTAINS 'VirusTotal'
RETURN
  EC2Instance.instanceId,
  EC2Instance.vpcId,
  NetworkConnection.destinationIP,
  ThreatIntelligence.confidence,
  ThreatIntelligence.x_dugganusa_discovery.sources_with_zero_score
```


Azure Sentinel Integration via Wiz



```wql
# Export to Azure Sentinel for correlation
AzureResource
  WHERE hasNetworkConnection = true
  AND networkConnection.externalIP IN (
    SELECT ip FROM DugganUSAFeed
    WHERE confidence >= 85
  )
EXPORT TO AzureSentinel
  AS 'DugganUSA_Threat_Detection'
```




Custom Rules for Cloud Environments


AWS: Block EC2 Communication with High-Confidence Threats


Create AWS Security Group Rule:



```python
# Via Wiz Automation
import requests

# High-confidence feed slice (see Feed Parameters below) for a prevention rule
feed_url = "https://analytics.dugganusa.com/api/v1/stix-feed?days=7&min_confidence=90"
stix_data = requests.get(feed_url, timeout=30).json()

# Pull the IPv4 value out of each indicator's STIX pattern,
# e.g. [ipv4-addr:value = '203.0.113.10'] -> '203.0.113.10'
malicious_ips = []
for obj in stix_data.get('objects', []):
    if obj.get('type') == 'indicator':
        ip = obj.get('pattern', '').split("'")[1]
        malicious_ips.append(ip)
```


Azure: Network Security Group Automation



```python
# Via Wiz + Azure Logic App
import requests
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

# <subscription-id> is a placeholder for the target Azure subscription
network_client = NetworkManagementClient(DefaultAzureCredential(), "<subscription-id>")

feed_url = "https://analytics.dugganusa.com/api/v1/stix-feed?days=7&min_confidence=90"
stix_data = requests.get(feed_url, timeout=30).json()

# NSG rule priorities must be unique within an NSG (100-4096), so increment per rule
priority = 100
for obj in stix_data.get('objects', []):
    if obj.get('type') == 'indicator':
        ip = obj.get('pattern', '').split("'")[1]
        confidence = obj.get('confidence', 0)
        if confidence >= 90:
            # Add deny rule to NSG (long-running operation in azure-mgmt-network >= 17)
            network_client.security_rules.begin_create_or_update(
                resource_group_name='production-rg',
                network_security_group_name='production-nsg',
                security_rule_name=f'Deny_DugganUSA_{ip.replace(".", "_")}',
                security_rule_parameters={
                    'priority': priority,
                    'protocol': '*',
                    'access': 'Deny',
                    'direction': 'Outbound',
                    'source_address_prefix': '*',
                    'source_port_range': '*',
                    'destination_address_prefix': ip,
                    'destination_port_range': '*',
                }
            ).result()
            priority += 1
```
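Both snippets above take the IP with `split("'")[1]`, which loses the second address of an OR'd pattern, picks up domain indicators as if they were IPs, and raises on a pattern with no quotes. The following is an added example, not the feed's or Wiz's code: it parses a constructed STIX 2.1 bundle robustly, filters on confidence, reads `x_dugganusa_discovery` (assumed here to be a STIX custom property on each indicator, matching the fields the WQL examples reference) and builds NSG deny-rule parameters with distinct priorities.

```python
import ipaddress
import re

# Constructed sample bundle (trimmed to the fields the code uses). x_dugganusa_discovery
# is ASSUMED to be a STIX custom property on each indicator, as the WQL examples reference it.
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "confidence": 95, "pattern": "[ipv4-addr:value = '203.0.113.10']",
         "x_dugganusa_discovery": {"unique_detection": True,
                                   "sources_with_zero_score": ["AbuseIPDB", "VirusTotal", "ThreatFox"]}},
        {"type": "indicator", "confidence": 72,  # OR'd pattern: split("'")[1] would lose the 2nd IP
         "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.8']"},
        {"type": "indicator", "confidence": 90, "pattern": "[domain-name:value = 'example.invalid']"},
        {"type": "indicator", "confidence": 99, "pattern": "[ipv4-addr:value = 'not-an-ip']"},
        {"type": "identity", "id": "identity--placeholder", "name": "DugganUSA LLC"},
    ],
}
IPV4_VALUE = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")


def extract_ipv4(bundle, min_confidence=0):
    """Map each IPv4 address in the bundle's indicator patterns to its confidence and
    vendor-correlation data; non-indicators, non-IP comparisons and bad values are skipped."""
    found = {}
    for obj in bundle.get("objects", []):
        conf = obj.get("confidence", 0)
        if obj.get("type") != "indicator" or conf < min_confidence:
            continue
        disc = obj.get("x_dugganusa_discovery", {})
        for raw in IPV4_VALUE.findall(obj.get("pattern", "")):
            try:
                ip = str(ipaddress.IPv4Address(raw))
            except ValueError:
                continue  # feed garbage must never become a firewall rule
            found[ip] = {"confidence": conf,
                         "unique": bool(disc.get("unique_detection", False)),
                         "zero_score": list(disc.get("sources_with_zero_score", []))}
    return found


def nsg_deny_rules(ips, base_priority=100):
    """Outbound deny rules with distinct priorities (Azure NSGs reject duplicates; range is 100-4096)."""
    rules = []
    for offset, ip in enumerate(sorted(ips, key=ipaddress.IPv4Address)):
        if base_priority + offset > 4096:
            break
        rules.append({"name": f"Deny_DugganUSA_{ip.replace('.', '_')}", "priority": base_priority + offset,
                      "protocol": "*", "access": "Deny", "direction": "Outbound", "source_address_prefix": "*",
                      "destination_address_prefix": ip, "source_port_range": "*", "destination_port_range": "*"})
    return rules
```

Each dict returned by `nsg_deny_rules` can be passed as `security_rule_parameters` to the Azure call shown above, with `"name"` used as the rule name.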




Feed Parameters



```bash
# High confidence for cloud prevention policies
https://analytics.dugganusa.com/api/v1/stix-feed?days=7&min_confidence=90
```




Why This Matters for Cloud Security


Wiz has the cloud visibility. We have the threat correlation.


You see misconfigurations, vulnerabilities, identity issues. We see 5 threat intelligence sources simultaneously correlated across live attack traffic.


When AbuseIPDB, VirusTotal, and ThreatFox all score an IP as zero — but we blocked it at 95% confidence based on actual attack behavior — that's the indicator your cloud security platform needs.


Your cloud resources shouldn't communicate with IPs that billion-dollar vendors missed.


244 unique discoveries. Free. Forever.




Integration with CSPM


Wiz CSPM can leverage our feed for:


1. Runtime Protection: Block EC2/VM outbound to malicious IPs
2. Compliance Evidence: Document threat blocking for SOC2/ISO27001
3. Incident Response: Correlate security findings with external threats
4. Cloud Detective: Enrich investigation graphs with threat intel




Democratic Sharing Law


This feed is free because hoarding threat intelligence is bullshit.


Zero marginal cost to share digital goods. We publish openly because that's how you prove you're not lying about your discoveries.


Judge Dredd Dimension 6 (Democratic Sharing): 99.5% public (4,780 files tracked).


7.1x evidence-to-claims ratio. We show receipts.


Wiz raised $1 billion. We're giving away threat intelligence for free. Different philosophies. Same goal: better security.




Technical Details



• Format: STIX 2.1 Bundle

• Attribution: `created_by_ref: identity--dugganusa-llc-f4a8c3d2-1b9e-4f7a-8c2d-9e3f5b6a7c8d`

• Update Frequency: Real-time from production auto-blocking

• License: CC0-1.0 (Public Domain)

• Contact: [email protected]

• Cloud Support: AWS, Azure, GCP indicators




Support


Questions? Email [email protected]


API health: `https://analytics.dugganusa.com/api/v1/stix-feed/info`


Documentation: `https://analytics.dugganusa.com/docs/stix-feed.md`




Your security is our problem now.


— DugganUSA LLC (Minnesota)

