
Who Consumes Threat Intel? A Complete Integration Matrix

  • Writer: Patrick Duggan
  • Jan 25
  • 3 min read


The Feed Formats

All paths below are relative to https://analytics.dugganusa.com (the host used in every example on this page).

| Format | URL | Best For |
|---|---|---|
| STIX 2.1 | /api/v1/stix-feed | TIPs, modern SIEMs |
| CSV | /api/v1/stix-feed?format=csv | Spreadsheets, custom scripts |
| Plain Text | /api/v1/stix-feed?format=txt | Firewalls, blocklists |
| JSON | /api/v1/stix-feed?format=json | APIs, automation |
| YARA | /api/v1/detection-rules/yara | File scanning, EDR |
| Suricata | /api/v1/detection-rules/suricata | Network IDS/IPS |
| Sigma | /api/v1/detection-rules/sigma/ioc | SIEM conversion |
| Bundle (ZIP) | /api/v1/detection-rules/bundle | Everything at once |





Category 1: SIEMs

| Product | Integration | Guide |
|---|---|---|
| Splunk | Sigma conversion, SPL queries | |
| Microsoft Sentinel | KQL, TAXII connector | |
| IBM QRadar | Reference sets, Sigma | |
| Elastic SIEM | Detection rules API | |
| Google Chronicle | Native STIX, YARA | |
| Sumo Logic | Lookup tables, CSE rules | CSV import |
| LogRhythm | AI Engine rules | Sigma conversion |
| Exabeam | Threat intel module | STIX feed |





Category 2: Firewalls & Network Security

| Product | Integration | Guide |
|---|---|---|
| Palo Alto Panorama | External Dynamic Lists (EDL) | |
| Fortinet FortiGate | Threat Feed Connector | |
| Cisco Firepower | Security Intelligence feeds | |
| Check Point | Updatable Objects | |
| pfSense/OPNsense | pfBlockerNG, aliases | |
| Sophos XG | IP blocklist import | TXT format |
| Juniper SRX | Dynamic address feeds | TXT format |
| Ubiquiti UniFi | Threat management | Manual import |





Category 3: EDR / XDR

| Product | Integration Method |
|---|---|
| CrowdStrike Falcon | Custom IOC upload, YARA rules |
| SentinelOne | Threat Intelligence API |
| Microsoft Defender | Custom indicators, YARA |
| Carbon Black | Watchlists, YARA |
| Cortex XDR | IOC rules, external feeds |
| Cybereason | Malop hunting, custom IOCs |
| Trellix (McAfee) | ATD YARA rules |
| Trend Micro | Custom intelligence |


YARA Integration Example:

```bash
# Pull the current YARA ruleset into the local rules directory.
# -f makes curl fail on an HTTP error instead of silently writing an
# error page into the .yar file; -S still reports the failure.
curl -fsS https://analytics.dugganusa.com/api/v1/detection-rules/yara \
  -o /opt/yara-rules/dugganusa.yar
```





Category 4: SOAR Platforms

| Product | Integration Method |
|---|---|
| Splunk SOAR (Phantom) | REST API app, playbooks |
| Palo Alto XSOAR | TIM integration, playbooks |
| IBM Resilient | Functions, integrations |
| Swimlane | HTTP connector |
| Tines | HTTP action |
| Torq | REST integration |


XSOAR Playbook Example:

```python
import demistomock as demisto  # noqa: F401
from CommonServerPython import *  # noqa: F401
from urllib.parse import quote


def enrich_indicator(indicator):
    # URL-encode the indicator: a value containing '&', '#' or whitespace
    # must not be able to alter the query string sent to the search API.
    url = 'https://analytics.dugganusa.com/api/v1/search?q=' + quote(indicator, safe='')
    # XSOAR's built-in http command; the result is a list of war-room entries
    return demisto.executeCommand('http', {'method': 'GET', 'url': url})
```





Category 5: Threat Intel Platforms (TIPs)

| Product | Native Support |
|---|---|
| MISP | STIX 2.1 import, feeds |
| OpenCTI | STIX 2.1 native, connectors |
| ThreatConnect | STIX/TAXII, API |
| Anomali ThreatStream | STIX feed import |
| Recorded Future | Intelligence card enrichment |
| Mandiant Advantage | IOC correlation |
| ThreatQuotient | STIX/TAXII integration |


MISP Import:

```bash
# Add as a MISP feed. MISP feeds accept source_format "misp", "csv" or
# "freetext" only; STIX 2.1 bundles are imported per event, not as a feed.
# Pointing the feed at the plain-text list lets MISP's freetext parser
# extract the indicators. The JSON headers are required by the REST API.
curl -X POST https://misp/feeds/add \
  -H "Authorization: YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "DugganUSA Threat Intel",
    "provider": "DugganUSA LLC",
    "url": "https://analytics.dugganusa.com/api/v1/stix-feed?format=txt",
    "source_format": "freetext",
    "enabled": true
  }'
```





Category 6: Email Security

| Product | Integration Method |
|---|---|
| Proofpoint | URL Defense blocklist |
| Mimecast | Managed URL blocklist |
| Microsoft Defender for Office 365 | Tenant Allow/Block list |
| Cisco Secure Email | Content filters |
| Barracuda | URL blocklist |


Domain Extraction:

```bash
# Extract domains from the STIX feed (JSON bundle; domain-name objects).
# The URL is quoted so the shell never tries to glob the '?'.
curl -fsS 'https://analytics.dugganusa.com/api/v1/stix-feed?format=json' | \
  jq -r '.objects[] | select(.type=="domain-name") | .value' \
  > malicious_domains.txt
```





Category 7: DNS Security

| Product | Integration Method |
|---|---|
| Cisco Umbrella | Custom blocklist |
| Infoblox BloxOne | Threat intel feeds |
| Cloudflare Gateway | Custom blocklist |
| Pi-hole | Blocklist URL |
| NextDNS | Denylist |
| Quad9 | (uses our data indirectly) |


Pi-hole Integration:

```bash
# Pin each malicious domain to 0.0.0.0 in /etc/pihole/custom.list.
# custom.list is Pi-hole's local DNS records file (hosts format), so this
# sinkholes the domains rather than adding them to gravity.
curl -fsS 'https://analytics.dugganusa.com/api/v1/stix-feed?format=json' | \
  jq -r '.objects[] | select(.type=="domain-name") | "0.0.0.0 " + .value' \
  >> /etc/pihole/custom.list

# Each run appends, so drop duplicate lines before reloading
sort -u -o /etc/pihole/custom.list /etc/pihole/custom.list

pihole restartdns
```





Category 8: Web Proxies / CASB

| Product | Integration Method |
|---|---|
| Zscaler | Custom URL categories |
| Netskope | Threat protection lists |
| Symantec WSS | URL blocklists |
| McAfee Web Gateway | External lists |
| Squid Proxy | ACL blocklists |





Category 9: Network Detection & Response

| Product | Integration Method |
|---|---|
| Zeek (Bro) | Intel framework, Suricata |
| Suricata | Native rule format |
| Snort | Suricata rules (compatible) |
| Darktrace | Model deviation triggers |
| ExtraHop | Custom detections |
| Corelight | Zeek intel feeds |
| Vectra AI | Custom threat feeds |


Zeek Intel Framework:

```bash
# Convert the CSV (assumed layout: indicator value in column 1, description in column 3;
# check the header line first) to Zeek intel format. Zeek's input framework requires
# the tab-separated #fields header; IPv4 values are typed ADDR, everything else DOMAIN.
curl -fsS 'https://analytics.dugganusa.com/api/v1/stix-feed?format=csv' | \
  awk -F',' 'BEGIN {print "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.do_notice"}
    NR>1 {t = ($1 ~ /^[0-9.]+$/) ? "Intel::ADDR" : "Intel::DOMAIN"; print $1"\t"t"\tDugganUSA\t"$3"\t-\tT"}' \
  > /opt/zeek/share/zeek/site/intel.dat
```

Zeek only reads the file once it is listed in `Intel::read_files` in local.zeek, and `-F','` will split a quoted description that itself contains a comma, so inspect the output before loading it.
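The shell one-liners for the email gateways (domain extraction), Pi-hole and Zeek each hard-code one STIX object type and one output layout. The Python below is an added example, not code from this page or from DugganUSA, that does the same work from a single parse of the bundle: it collects SCO values, also unpacks the single-comparison `indicator` patterns that STIX producers commonly emit instead of bare SCOs, drops address objects whose value does not parse, and renders the TXT, hosts-format and Zeek intel layouts with the correct `Intel::` type per value. The bundle it reads is constructed inline; the feed's real object mix and descriptions may differ, and compound patterns (`AND`/`OR`) are deliberately skipped rather than mis-parsed.

```python
"""Render a STIX 2.1 bundle into the list formats the consumers above expect."""
import ipaddress
import json
import re

# Constructed sample bundle (not feed data): SCOs, indicator patterns and one
# malformed address that the validation below drops.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--5b9e3c0e-6c2a-4c0f-9a7d-0a1b2c3d4e5f",
    "objects": [
        {"type": "ipv4-addr", "id": "ipv4-addr--1f2e3d4c-5b6a-4798-8a9b-0c1d2e3f4a5b",
         "value": "203.0.113.45"},
        {"type": "ipv4-addr", "id": "ipv4-addr--2a3b4c5d-6e7f-4a8b-9c0d-1e2f3a4b5c6d",
         "value": "not-an-ip"},
        {"type": "domain-name", "id": "domain-name--3c4d5e6f-7a8b-4c9d-8e0f-1a2b3c4d5e6f",
         "value": "bad.example.net"},
        {"type": "indicator", "id": "indicator--4d5e6f7a-8b9c-4d0e-9f1a-2b3c4d5e6f7a",
         "name": "C2 beacon host", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.org']",
         "valid_from": "2025-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--5e6f7a8b-9c0d-4e1f-8a2b-3c4d5e6f7a8b",
         "name": "Dropper URL", "pattern_type": "stix",
         "pattern": "[url:value = 'http://203.0.113.9/a.exe']",
         "valid_from": "2025-01-01T00:00:00Z"},
    ],
})

SCO_TYPES = ("ipv4-addr", "ipv6-addr", "domain-name", "url")
# Single-comparison STIX pattern: [<object>:value = '<value>']
PATTERN_RE = re.compile(r"^\[([a-z0-9-]+):value\s*=\s*'([^']*)'\]$")


def _valid(stix_type, value):
    """Reject address objects whose value does not parse; keep everything else."""
    if stix_type in ("ipv4-addr", "ipv6-addr"):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False
    return True


def extract_indicators(bundle_json):
    """Return {stix_type: sorted values} from SCOs and simple indicator patterns."""
    found = {}
    for obj in json.loads(bundle_json).get("objects", []):
        kind, value = obj.get("type"), obj.get("value")
        if kind == "indicator" and obj.get("pattern_type", "stix") == "stix":
            m = PATTERN_RE.match(obj.get("pattern", "").strip())
            if not m:
                continue  # compound patterns need a real STIX pattern parser
            kind, value = m.group(1), m.group(2)
        if kind in SCO_TYPES and value and _valid(kind, value):
            found.setdefault(kind, set()).add(value)
    return {k: sorted(v) for k, v in found.items()}


def to_txt(ind):
    """Flat one-per-line list for EDL-style consumers (addresses first, then domains)."""
    return ind.get("ipv4-addr", []) + ind.get("ipv6-addr", []) + ind.get("domain-name", [])


def to_hosts(ind):
    """Hosts-format sinkhole lines for Pi-hole's custom.list."""
    return [f"0.0.0.0 {d}" for d in ind.get("domain-name", [])]


def to_zeek_intel(ind, source="DugganUSA"):
    """Zeek intel.dat lines: mandatory #fields header, then one typed row per value."""
    lines = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.do_notice"]
    zeek_type = {"ipv4-addr": "Intel::ADDR", "ipv6-addr": "Intel::ADDR",
                 "domain-name": "Intel::DOMAIN", "url": "Intel::URL"}
    for kind, ztype in zeek_type.items():
        for value in ind.get(kind, []):
            if ztype == "Intel::URL":
                # Zeek matches Intel::URL values without the scheme prefix
                value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)
            lines.append(f"{value}\t{ztype}\t{source}\t-\t-\tT")
    return lines


if __name__ == "__main__":
    indicators = extract_indicators(SAMPLE_BUNDLE)
    print("\n".join(to_zeek_intel(indicators)))
```

Write the output of `to_zeek_intel` to the intel file and the output of `to_hosts` to custom.list in place of the awk and jq pipelines; `to_txt` produces the same shape as the `?format=txt` endpoint, which is useful when a consumer needs a filtered subset of the feed.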





Category 10: Vulnerability Management

| Product | Use Case |
|---|---|
| Tenable Nessus/IO | CISA KEV prioritization |
| Qualys | Threat context enrichment |
| Rapid7 InsightVM | CVE correlation |
| CrowdStrike Spotlight | Exploitability context |


CISA KEV Correlation:

```bash
# Our feed includes CISA KEV data as STIX vulnerability objects
curl -fsS https://analytics.dugganusa.com/api/v1/stix-feed | \
  jq '.objects[] | select(.type=="vulnerability")'
```
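Selecting the vulnerability objects is only the first half of KEV prioritization; the scanner's findings still have to be matched against them. The Python below is an added example, not code from this page or from DugganUSA: it pulls CVE IDs out of STIX `vulnerability` objects (from the `cve` external reference, falling back to the object name), normalises case on both sides, and re-orders a scanner export so KEV-listed findings come first and CVSS breaks ties. The bundle and the scanner rows are constructed inline; the feed's real objects may carry additional properties this code does not read.

```python
"""Rank scanner findings by whether their CVE is among the feed's vulnerability objects."""
import json
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample bundle (not feed data): KEV entries as STIX vulnerability objects
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--7c1d2e3f-4a5b-4c6d-8e7f-9a0b1c2d3e4f",
    "objects": [
        {"type": "vulnerability", "id": "vulnerability--8d2e3f4a-5b6c-4d7e-9f8a-0b1c2d3e4f5a",
         "name": "CVE-2023-4966",
         "external_references": [{"source_name": "cve", "external_id": "CVE-2023-4966"}]},
        {"type": "vulnerability", "id": "vulnerability--9e3f4a5b-6c7d-4e8f-8a9b-1c2d3e4f5a6b",
         "name": "NetScaler ADC advisory",
         "external_references": [{"source_name": "cve", "external_id": "cve-2023-3519"}]},
        {"type": "indicator", "id": "indicator--0f4a5b6c-7d8e-4f9a-8b0c-2d3e4f5a6b7c",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.45']",
         "valid_from": "2025-01-01T00:00:00Z"},
    ],
})

# Constructed scanner export rows: (host, cve, cvss). Scanner output is not always upper-case.
SCAN_FINDINGS = [
    ("web-01", "CVE-2023-4966", 9.4),
    ("web-01", "CVE-2000-0001", 7.5),
    ("vpn-02", "cve-2023-3519", 9.8),
    ("db-03", "CVE-2000-0002", 5.3),
]


def kev_cves(bundle_json):
    """CVE IDs from vulnerability objects: the 'cve' external reference first, the name as fallback."""
    cves = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "vulnerability":
            continue  # indicators and other SDOs carry no CVE
        candidates = [r.get("external_id", "") for r in obj.get("external_references", [])
                      if r.get("source_name") == "cve"]
        candidates.append(obj.get("name", ""))
        for text in candidates:
            m = CVE_RE.search(text)
            if m:
                cves.add(m.group(0).upper())
                break
    return cves


def prioritise(findings, kev):
    """KEV-listed findings first, then CVSS descending; each row gains an in_kev flag."""
    rows = [(host, cve.upper(), cvss, cve.upper() in kev) for host, cve, cvss in findings]
    return sorted(rows, key=lambda r: (not r[3], -r[2]))


if __name__ == "__main__":
    for host, cve, cvss, in_kev in prioritise(SCAN_FINDINGS, kev_cves(SAMPLE_BUNDLE)):
        print(f"{'KEV ' if in_kev else '    '}{cvss:4.1f}  {host:8}  {cve}")
```

Feed the scanner's CSV export into `SCAN_FINDINGS` and the live bundle into `kev_cves`; the ordering puts a CVSS 9.4 KEV entry above a CVSS 9.8 finding only when the latter is not in KEV, which is the point of using exploitation evidence rather than score alone.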





Category 11: Container & Cloud Security

| Product | Integration Method |
|---|---|
| Aqua Security | YARA for image scanning |
| Prisma Cloud | Custom threat feeds |
| Sysdig | Falco rules, YARA |
| Snyk | Vulnerability enrichment |
| Trivy | Custom vulnerability DB |





Category 12: Malware Analysis / Sandboxes

| Product | Integration Method |
|---|---|
| VirusTotal | YARA retrohunt |
| Any.Run | IOC correlation |
| Joe Sandbox | YARA rules |
| Hybrid Analysis | Indicator lookup |
| Cuckoo Sandbox | YARA integration |





Universal Integration: cron + curl

For anything not listed above:

```bash
#!/bin/bash
# /opt/scripts/fetch-threat-intel.sh
# Fetch the plain-text blocklist; /opt/threat-intel is an assumed destination.
set -euo pipefail
# -f fails on HTTP errors so an error page never replaces a good list; the
# temp-file-then-mv keeps the published file whole while consumers read it.
curl -fsS 'https://analytics.dugganusa.com/api/v1/stix-feed?format=txt' -o /opt/threat-intel/blocklist.txt.tmp
mv /opt/threat-intel/blocklist.txt.tmp /opt/threat-intel/blocklist.txt

echo "Updated at $(date)"
```

Cron (hourly):

```
0 * * * * /opt/scripts/fetch-threat-intel.sh >> /var/log/threat-intel.log 2>&1
```





Summary

| Format | Primary Consumers |
|---|---|
| STIX 2.1 | TIPs, modern SIEMs, TAXII clients |
| CSV | Firewalls, custom scripts, spreadsheets |
| TXT | Firewalls, DNS blocklists, proxies |
| YARA | EDR, sandboxes, malware analysis |
| Suricata | Network IDS/IPS, Zeek |
| Sigma | Any SIEM (after conversion) |





Questions?


  • API Docs: https://analytics.dugganusa.com/docs/stix-feed.md

  • Dashboard: https://analytics.dugganusa.com/dashboard

  • Contact: [email protected]



Free for non-commercial use. Commercial use requires attribution to DugganUSA LLC.



