Seven Ways to Plug Us In. One Feed. $9 a Month.
- Patrick Duggan
People keep asking us "do you support X". We do. We support all of X. Here is the field guide to every documented integration we ship today, what each one ingests, what it costs you, and what the named competitor charges for the same thing.
The feed itself is the same in every direction. STIX 2.1, TAXII 2.1, and a clean CSV fallback for the SIEMs whose vendors decided in 2019 that custom HTTP headers were too much to ask. Authentication is Authorization: Bearer <your-key> for the modern stuff and ?api_key=<your-key> for the Splunk crowd. One feed. Seven first-class integrations. Anything that speaks STIX speaks to us.
Here is the roster.
1. CrowdStrike Falcon — EDR/XDR. We publish a CrowdStrike-specific guide because we have to. Their own threat intelligence add-on, Falcon X Premium, runs about $20 per endpoint per year for the basic tier and climbs from there. Our integration drops the same indicator universe into your existing Falcon Query Language hunts. Auto-block at 95-percent confidence, MITRE ATT&CK correlation, the works. If you are already paying CrowdStrike for endpoints, this is the cheapest way to stop paying them again for intel. Difficulty: easy.
2. Palo Alto Cortex XDR — XDR. External Dynamic Lists straight from our feed. Behavioral Indicators of Compromise rules pre-shaped for XQL hunting. AutoFocus correlation if you use it. The Palo intel sub costs five figures a year for a thousand-endpoint shop and we publish the integration guide for free. Difficulty: medium, only because Cortex makes you click through three menus to wire anything.
3. Microsoft Sentinel — cloud-native SIEM on Azure. TAXII 2.1 connector if you are running modern Sentinel. Logic App with a JSON workflow if you are not. KQL analytic queries written for you. Custom workbooks. Threat maps. Automated alert rules tied to our IOC categories. Microsoft charges per-GB for Sentinel ingestion and our feed adds maybe 50 megabytes a day of correlated indicator events. The math works out fine.
4. Splunk Enterprise Security — on-prem or cloud SIEM. Native STIX import in Splunk ES 8.x. Just point the connector at our ?format=splunk endpoint and walk away. Query-parameter authentication for the SIEMs that cannot set custom headers (looking at you, classic Threat Intelligence Framework). SPL correlation searches written and tested. Notable Events that fire on our high-confidence threats. Splunk's own Enterprise Threat Intelligence Management product is six figures a year. We are nine dollars a month.
5. Wiz — cloud security posture. STIX 2.1 ingest. The 244 unique discoveries our pipeline made that AbuseIPDB, VirusTotal, and ThreatFox all scored as zero are now searchable inside your Wiz console. Wiz is excellent at cloud posture and weaker on threat intel and they will tell you that themselves if you ask their solutions engineers honestly. We close the gap. Cost to you: one configuration, one Bearer token.
6. OPNsense — firewall and IDS. Three blocklist feeds, plain text, firewall-ready: IPs, domains, URLs. Each one is the consolidated output of fifteen upstream threat sources cascaded through our correlation pipeline. Drop the URLs into OPNsense Aliases, schedule the refresh every 30 minutes, and your perimeter starts blocking the indicators we caught this week before your subscription vendor catches them next quarter. Same pattern works for pfSense, Untangle, anything that does external URL aliases.
7. IBM QRadar — SIEM. Published our QRadar configuration guide on April 24. TAXII 2.1 directly into the QRadar Threat Intelligence app. Fifteen-minute setup. One blog post, one feed URL, one API key. Done.
The eighth thing is everyone else. If your stack speaks STIX 2.1 or TAXII 2.1 or can ingest a 12-megabyte CSV of IP addresses every six hours, you are integrated. We have customers running this through Suricata rule files, Snort, ELK stacks, AWS GuardDuty CSV imports, Cloudflare WAF custom rules, Cisco Umbrella block lists, and one guy who pipes it into a Raspberry Pi running Pi-hole because his neighborhood mesh network needed threat intel. We do not gate on your vendor. We gate on whether you have a key.
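For the plain-text IP blocklist in item 6, and for any other consumer that turns a feed into block rules, here is a pre-load check that is an added example and not code from the integration guides. It assumes one IP or CIDR per line with `#` comments; the protected ranges, prefix limits and reject ratio are hypothetical policy values to adjust for your network.

```python
import ipaddress

# Ranges a blocklist must never touch. RFC 1918, loopback and link-local are
# standard; 198.51.100.0/24 is a stand-in for your own public range.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "198.51.100.0/24",
)]
MIN_PREFIX = {4: 16, 6: 32}  # hypothetical policy: refuse anything broader

def vet_blocklist(text, protected=PROTECTED):
    """Return (accepted network strings, [(line_no, raw_line, reason), ...])."""
    accepted, rejected = set(), []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((line_no, raw, "not an IP or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((line_no, raw, "prefix too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((line_no, raw, "overlaps protected range"))
        else:
            accepted.add(net)  # the set drops duplicate entries
    ordered = sorted(accepted, key=lambda n: (n.version, n))
    return [str(n) for n in ordered], rejected

def safe_to_apply(accepted, rejected, max_reject_ratio=0.05):
    """False means keep the previous alias: download is empty or mangled."""
    total = len(accepted) + len(rejected)
    return total > 0 and len(rejected) / total <= max_reject_ratio

# Constructed sample download (documentation addresses, not real indicators).
SAMPLE = """# constructed sample
192.0.2.10
192.0.2.10
203.0.113.0/28   # small range
10.1.2.3
0.0.0.0/0
<html>502 Bad Gateway</html>
"""
```

Run it between the scheduled download and the alias reload, and alert on the rejected entries so a bad refresh never silently replaces a good list.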
Why we do this for nine dollars a month while CrowdStrike, Mandiant, Recorded Future, and ThreatConnect charge five-figure-and-up annual contracts for the same data shape: digital goods have zero marginal cost to share. We made the pipeline once. The thirty-thousandth subscriber costs us roughly the same as the third one, which is to say a few cents of compute. The pricing model that says "pay us six figures because we are the only ones who can correlate fifteen feeds for you" is a story those vendors tell their sales teams. The actual marginal cost of one more enterprise pulling our STIX bundle is a few hundred milliseconds of CPU and a megabyte of egress.
We have 275 enterprises pulling daily across 46 countries. Microsoft, AT&T, and Starlink are on the consumer list. Federal corridor cities — San Antonio for AFCYBER, Tampa for CENTCOM and SOCOM — are reading from us regularly. None of them paid five figures to a competitor for a feed that is this much fresher. Some of them did and now they have us as a check.
If your CISO asked this quarter "what is our threat intel coverage" and the answer was a SaaS contract for $40,000 a year, we are nine dollars a month with a richer indicator set, faster delivery, and the same MITRE mappings. That is the field guide. The seven integration documents are linked below. Pick yours.
Integration documentation lives at github.com/pduggusa/security-dugganusa/tree/main/docs/integrations. Each one is a step-by-step guide with config snippets, query examples, and verification steps.
Sources: our own integration repo at security-dugganusa/docs/integrations (00-MASTER-INDEX through 07-STIX-FEED-TROUBLESHOOTING), CrowdStrike Falcon X pricing public summaries, Palo Alto AutoFocus pricing public summaries, Splunk ES Threat Intelligence Management module pricing, IBM QRadar TIP module pricing.
The cheapest, fastest, most accurate threat feed on the internet.
275+ enterprises pulling daily. 1M+ IOCs. 17.4M indexed documents. We beat Zscaler by 43 days on NrodeCodeRAT. Starter tier $9/mo — less than any competitor's sales demo.
