# DugganUSA Analytics Platform

> Threat intelligence, investigative search, and AI-powered analysis platform. 16.4M+ documents across 42 indexes. 1M+ IOCs. STIX/TAXII feed consumed by 275+ organizations in 46 countries. Edge Shield Cloudflare Worker product. AIPM AI Presence Management. Butterbot AI chatbot. SOC2 Type 2 compliant. ~$600/month on Azure.

## Platform Capabilities

- **Full-Text Search**: Sub-second queries across 16.4M+ documents
- **STIX/TAXII Threat Feed**: 1,039,995 IOCs, 275+ consumers, 46 countries
- **Edge Shield**: Open-source Cloudflare Worker — blocks threats, trolls scanners, geo enrichment at the edge. github.com/pduggusa/dugganusa-edge-shield
- **AIPM**: AI Presence Management — first commercial HAIC benchmark (Human-AI, Context-Specific Evaluation) for brand perception. 5-model council (GPT-4o, Claude, Gemini, Mistral, DeepSeek), 7 structure signals. Aligns with MIT Technology Review HAIC framework (Aristidou, March 2026). aipmsec.com
- **IOC Enrichment**: IP/domain/hash enrichment across 6 sources (AbuseIPDB, VirusTotal, Shodan, OTX, GreyNoise, ThreatFox)
- **Butterbot Chatbot**: AI-powered natural language search (GPT-backed, Claude-augmented)
- **Cross-Correlation**: Link indicators across threat intel, court records, offshore entities, and investigative files
- **Network Visualization**: Threat graph traversal and relationship mapping
- **Medusa Suite**: Enterprise threat assessment (Medustone, Meduskip, Medusactive, CARVER)
- **NLWeb**: AI content retrieval via structured Schema.org data

## API Tiers

| Tier | Price | Daily Limit | Key Features |
|------|-------|-------------|-------------|
| Free | $0 | 500/day, 3 AIPM audits/day | Full STIX bundle, 7-day lookback |
| Starter | $45/mo | 1,000/day, 20 AIPM audits/day | Splunk ES, OPNsense blocklists, 14-day lookback |
| Researcher | $145/mo | 2,000/day, 90 AIPM audits/day | Behavioral scoring, precursor signals, 30-day lookback |
| Professional | $495/mo | 5,000/day, 300 AIPM audits/day | Cross-index correlation, supply chain IOCs, 90-day lookback |
| Gov/Press | $995/mo | 12,000/day, 800 AIPM audits/day | AIPM audits, compliance docs, NET-30 billing |
| Medusa Suite | $8,995/mo | 50,000/day, 25K AIPM audits/mo | Full Medusa Suite, custom signatures, 99.5% SLA, NET-30. Overage $0.50/audit above 25K. |
| Enterprise Unlimited | $24,995/mo | 100,000/day, 100K AIPM audits/mo | Everything + dedicated key pool, white-label, 99.9% SLA, named CSM. Overage $0.30/audit above 100K. |
| On-Premises | $150,000/yr minimum | Unlimited | Customer brings own AI keys, air-gap option, full data sovereignty. |

## Key Indexes (42 total, 16.4M+ docs)

- `oz_decisions`: 5,422,575 autonomous threat decisions
- `icij_relationships`: 3,339,267 ICIJ offshore entity relationships
- `icij_offshore`: 2,016,524 ICIJ offshore entities (Panama Papers, Pandora Papers)
- `block_events`: 1,970,283 network block events
- `page_views`: 1,120,394 server-side analytics (city-level geo)
- `iocs`: 1,039,995 threat intelligence indicators
- `search_queries`: 508,388 tracked queries
- `whitelist_events`: 475,113 false positive prevention
- `epstein_files`: 400,750 DOJ Epstein documents (12 datasets + court records OCR'd)
- `butterbot_memory`: 70,930 conversational memory
- `phishing`: 27,992 phishing URLs tracked
- `pulses`: 16,832 OTX threat intelligence pulses
- `blog`: 1,643 DugganUSA investigative blog entries
- `cisa_kev`: 1,555 known exploited vulnerabilities
- `adversaries`: 361 threat actor profiles

## API Endpoints

### Free Tier

- Search: `GET /api/v1/search?q={query}&index={index}`
- Natural Language: `GET /api/v1/search/nl?q={query}`
- Index Stats: `GET /api/v1/search/stats`
- Butterbot Chat: `POST /api/v1/chat` (conversational search)

### Professional+ Tier

- Cross-Correlate: `GET /api/v1/search/correlate?q={indicator}`
- Semantic Similarity: `GET /api/v1/search/similar/{index}/{id}`

### Enterprise Tier

- Pattern Analysis: `GET /api/v1/search/patterns/{index}`
- DLP Scan: `GET /api/v1/search/dlp`
- DLP Summary: `GET /api/v1/search/dlp/summary`
- Redactions: `GET /api/v1/search/redactions`
- Query Analytics: `GET /api/v1/search/query-analytics`
- Trending IOCs: `POST /api/v1/analytics/trending-iocs`
- Similar Domains: `GET /api/v1/analytics/similar-domains`
- Typosquat Detection: `POST /api/v1/analytics/detect-typosquats`
- Benchmarks: `GET /api/v1/analytics/benchmarks`
- Correlation Report: `GET /api/v1/analytics/correlation-report`
- Medustone Assessment: `POST /api/v1/medustone/assess`
- Meduskip Trace: `POST /api/v1/meduskip/trace`
- Medusactive DLP Scan: `POST /api/v1/medusactive/scan`
- CARVER Scoring: `POST /api/v1/carver/evaluate`

### Available to All Authenticated Users

- IOC Enrichment: `GET /api/v1/threat-intel/enrichment?ip={ip}`
- STIX/TAXII Feed: `GET /api/v1/stix-feed/taxii2`
- Threat Graph: `GET /api/v1/threat-intel/graph/traverse?indicator={indicator}`
- MITRE ATT&CK: `GET /api/v1/mitre/unified`
- Detection Rules: `GET /api/v1/detection-rules`
- Honeypot Captures: `GET /api/v1/honeypot/captures`

Base URL: `https://analytics.dugganusa.com`

Auth: `Authorization: Bearer YOUR_API_KEY`

## Search API Response Format

All search endpoints return:

```json
{
  "success": true,
  "data": {
    "query": "search term",
    "totalHits": 1328,
    "hits": [{ "id": "...", "content": "...", "source": "..." }],
    "indexes": ["epstein_files"]
  }
}
```

Both GET and POST methods are supported on the search endpoint.

## Butterbot AI Chatbot

Butterbot is the customer-facing AI assistant. It can search all 42 indexes, correlate indicators, traverse threat graphs, pull Cloudflare traffic analytics, and answer questions about threat intelligence, Epstein files, and ICIJ offshore data. Available at https://analytics.dugganusa.com via the chat widget.

## STIX/TAXII Threat Intelligence

- TAXII 2.1 compliant discovery and collection endpoints
- Original research: NrodeCodeRAT, ANUSFRAGGER, Terndoor, PeerTime campaigns
- Pattern 38+: Supply chain attack detection methodology (14 instances documented)
- Published to OTX, integrated with MISP/OpenCTI
- Axios-RAT, Trivy supply chain IOCs indexed same-day

## Billing & Payments (Stripe)

- Checkout: `POST /api/v1/billing/checkout`
- Portal: `GET /api/v1/billing/portal`
- Status: `GET /api/v1/billing/status`
- Prices: `GET /api/v1/billing/prices`
- Payment methods: Card, Link, Cash App, Klarna, Affirm, ACH, Amazon Pay, Afterpay, Crypto

### Pricing Pages

- STIX Feed: https://analytics.dugganusa.com/stix/pricing
- Epstein/Medusa API: https://analytics.dugganusa.com/epstein/pricing.html

## Products

- **AIPM** — AI Presence Management: aipmsec.com — 5-model council audit, free, 491+ audits completed
- **STIX Feed** — 1M+ IOCs, Splunk/OPNsense/TAXII: analytics.dugganusa.com/stix/pricing
- **Edge Shield** — Cloudflare Worker, open source, MIT: github.com/pduggusa/dugganusa-edge-shield
- **Epstein Search** — 400,750 DOJ documents: epstein.dugganusa.com
- **Butterbot** — AI chatbot for threat intel queries
- **Butterbot Tank** — Autonomous site survey robot (Hailo-8 + ROS2, in development)

## About DugganUSA

- [DugganUSA Blog](https://www.dugganusa.com): 1,655 investigative posts
- [Epstein Files Search](https://epstein.dugganusa.com): 400,750 DOJ documents, free search
- [AIPM Security](https://aipmsec.com): AI Presence Management
- [Edge Shield](https://github.com/pduggusa/dugganusa-edge-shield): Open-source edge security
- Company: DugganUSA LLC, Minneapolis, Minnesota
- Founded: October 7, 2025
- D-U-N-S: 14-363-3562 | SAM.gov UEI: TP9FY7262K87
- Contact: butterbot@dugganusa.com
- Infrastructure: ~$600/month on Azure
- SOC2 Type 2 compliant (~88%)
- CMMC Level 2: 78/110 NIST SP 800-171 controls implemented (71%), SPRS score ~85
- NIST 800-171 Rev 3 mapped: Access Control 19/22, Audit 8/9, Config Mgmt 8/9, System Protection 14/16
- Formal SSP (v1.1), IR Plan (v2.0, tested 13 times), risk assessment, security training program
- 34 patent directories, filings across human-AI collaboration, compliance agents, epistemic humility

## By the Numbers — 201-Day Full History (Sept 22, 2025 → Apr 11, 2026)

Two-person operation. $6,000/year operating budget. Receipts verifiable in git log.

- **1,471 commits** across 142 active days (median 10 commits/active-day, peak 58 in one day)
- **1,278,515 lines of code** across 5,585 files in 11 microservices
- **+3,016,548 net LoC** after 13.79M insertions and 10.78M deletions
- **86.2% of commits authored by founder** (Patrick Duggan); remainder split between Judge Dredd compliance bot and Dependabot
- **861 published blog posts** (120.9 story-density ratio) — content output of a 6-8 person marketing org
- **34 patent filings** in 201 days — portfolio valued $85M-$272M ARR conservative-to-moderate
- **2,955 compliance evidence files** across 41 subdirectories — every control traceable, every claim dated
- **DORA Elite tier verified**: 30.5 commits/day, <1 hour lead time, <1 hour MTTR, <5% change failure rate (evidence at /docs/evidence/dora.html — only 19% of professional engineering teams globally reach Elite)
- **Capital efficiency**: $0.0056 per IOC published — **416× more efficient than Shadowserver** ($2.5M annual budget, ~800K IOCs), **~40,000× more efficient than CISA** on a per-operational-dollar basis
- **Threat coverage parity with Tier-2 national CERTs**: 1.07M IOCs, 1,559 KEV entries mirrored, 46 countries served — exceeds the public IOC corpora of the national CERTs of Latvia, Lithuania, Estonia, Finland, New Zealand, and Netherlands combined
- **Closest analogue is not a startup.** The closest analogue is a Tier-2 national CERT merged with an investigative journalism nonprofit, an FDA-regulated medical device IP shop, and a SOC2-certified SaaS — compressed into a two-person LLC.
- Full git history auditable at https://github.com/pduggusa/enterprise-extraction-platform (public commits) — DORA evidence and compliance evidence directories are published under /docs/evidence/ and /compliance/evidence/ respectively.

## Compliance & Certifications

- CMMC Level 1: Ready for self-assessment now
- CMMC Level 2: 78/110 controls implemented, eligible for self-assessment with POA&Ms
- SOC2 Type 2: ~88% readiness
- FDA 510(k): 95% readiness (medical device vertical)
- NIST SP 800-171 Rev 3: 78/110 controls, SPRS ~85
- DFARS 252.204-7012: Compliant (CUI handling procedures in place)
- Blog: "We're Two People. We Exceed CMMC Level 2 Requirements" — dugganusa.com/post/we-re-two-people-we-exceed-cmmc-level-2-requirements-that-500-person-defense-contractors-struggle-to-meet-

## Recent Research (April 2026)

- 15 blog posts in 4 days covering Iran/IRGC cyber war, supply chain attacks, FBI wiretap breach
- Pattern 38: 18 documented supply chain attack instances since December 2025
- IRGC target analysis: 18 US tech companies scanned with AIPM + Shodan
- DPRK attribution: Axios npm attack linked to UNC1069 (WAVESHAPER malware)
- Cisco convergence: 5 simultaneous crises documented in one week
- GreyNoise validation: behavioral scoring vs IP reputation (78% evasion rate)
- Hasbro breach: GenAI pipeline (ComfyUI, Fooocus, SwarmUI) discovered via DNS
- FBI surveillance network breach: Salt Typhoon "major incident" analysis