# DugganUSA Analytics Platform

> Threat intelligence, investigative search, and AI-powered analysis platform. 16.4M+ documents across 42 indexes. 1M+ IOCs. STIX/TAXII feed consumed by 275+ organizations in 46 countries. Edge Shield Cloudflare Worker product. AIPM AI Presence Management. Butterbot AI chatbot. SOC2 Type 2 compliant. ~$600/month on Azure.

## Platform Capabilities

- **Full-Text Search**: Sub-second queries across 16.4M+ documents
- **STIX/TAXII Threat Feed**: 1,039,995 IOCs, 275+ consumers, 46 countries
- **Edge Shield**: Open-source Cloudflare Worker — blocks threats, trolls scanners, geo enrichment at the edge. github.com/pduggusa/dugganusa-edge-shield
- **AIPM**: AI Presence Management — first commercial HAIC benchmark (Human-AI, Context-Specific Evaluation) for brand perception. 5-model council (GPT-4o, Claude, Gemini, Mistral, DeepSeek), 7 structure signals. Aligns with MIT Technology Review HAIC framework (Aristidou, March 2026). aipmsec.com
- **IOC Enrichment**: IP/domain/hash enrichment across 6 sources (AbuseIPDB, VirusTotal, Shodan, OTX, GreyNoise, ThreatFox)
- **Butterbot Chatbot**: AI-powered natural language search (GPT-backed, Claude-augmented)
- **Cross-Correlation**: Link indicators across threat intel, court records, offshore entities, and investigative files
- **Network Visualization**: Threat graph traversal and relationship mapping
- **Medusa Suite**: Enterprise threat assessment (Medustone, Meduskip, Medusactive, CARVER)
- **NLWeb**: AI content retrieval via structured Schema.org data

## API Tiers

| Tier | Price | Daily Limit | Key Features |
|------|-------|-------------|-------------|
| Free | $0 | 500/day | Full STIX bundle, 7-day lookback |
| Starter | $45/mo | 1,000/day | Splunk ES, OPNsense blocklists, 14-day lookback |
| Researcher | $145/mo | 2,000/day | Behavioral scoring, precursor signals, 30-day lookback |
| Professional | $495/mo | 5,000/day | Cross-index correlation, supply chain IOCs, 90-day lookback |
| Gov/Press | $995/mo | 25,000/day | AIPM audits, compliance docs, NET-30 billing |
| Enterprise | $2,495/mo | 50,000/day | Full Medusa Suite + DLP + bulk screening + SLA |

## Key Indexes (42 total, 16.4M+ docs)

- `oz_decisions`: 5,422,575 autonomous threat decisions
- `icij_relationships`: 3,339,267 ICIJ offshore entity relationships
- `icij_offshore`: 2,016,524 ICIJ offshore entities (Panama Papers, Pandora Papers)
- `block_events`: 1,970,283 network block events
- `page_views`: 1,120,394 server-side analytics (city-level geo)
- `iocs`: 1,039,995 threat intelligence indicators
- `search_queries`: 508,388 tracked queries
- `whitelist_events`: 475,113 false positive prevention
- `epstein_files`: 400,750 DOJ Epstein documents (12 datasets + court records OCR'd)
- `butterbot_memory`: 70,930 conversational memory
- `phishing`: 27,992 phishing URLs tracked
- `pulses`: 16,832 OTX threat intelligence pulses
- `blog`: 1,643 DugganUSA investigative blog entries
- `cisa_kev`: 1,555 known exploited vulnerabilities
- `adversaries`: 361 threat actor profiles

## API Endpoints

### Free Tier

- Search: `GET /api/v1/search?q={query}&index={index}`
- Natural Language: `GET /api/v1/search/nl?q={query}`
- Index Stats: `GET /api/v1/search/stats`
- Butterbot Chat: `POST /api/v1/chat` (conversational search)

### Professional+ Tier

- Cross-Correlate: `GET /api/v1/search/correlate?q={indicator}`
- Semantic Similarity: `GET /api/v1/search/similar/{index}/{id}`

### Enterprise Tier

- Pattern Analysis: `GET /api/v1/search/patterns/{index}`
- DLP Scan: `GET /api/v1/search/dlp`
- DLP Summary: `GET /api/v1/search/dlp/summary`
- Redactions: `GET /api/v1/search/redactions`
- Query Analytics: `GET /api/v1/search/query-analytics`
- Trending IOCs: `POST /api/v1/analytics/trending-iocs`
- Similar Domains: `GET /api/v1/analytics/similar-domains`
- Typosquat Detection: `POST /api/v1/analytics/detect-typosquats`
- Benchmarks: `GET /api/v1/analytics/benchmarks`
- Correlation Report: `GET /api/v1/analytics/correlation-report`
- Medustone Assessment: `POST /api/v1/medustone/assess`
- Meduskip Trace: `POST /api/v1/meduskip/trace`
- Medusactive DLP Scan: `POST /api/v1/medusactive/scan`
- CARVER Scoring: `POST /api/v1/carver/evaluate`

### Available to All Authenticated Users

- IOC Enrichment: `GET /api/v1/threat-intel/enrichment?ip={ip}`
- STIX/TAXII Feed: `GET /api/v1/stix-feed/taxii2`
- Threat Graph: `GET /api/v1/threat-intel/graph/traverse?indicator={indicator}`
- MITRE ATT&CK: `GET /api/v1/mitre/unified`
- Detection Rules: `GET /api/v1/detection-rules`
- Honeypot Captures: `GET /api/v1/honeypot/captures`

Base URL: `https://analytics.dugganusa.com`

Auth: `Authorization: Bearer YOUR_API_KEY`

## Search API Response Format

All search endpoints return:

```json
{
  "success": true,
  "data": {
    "query": "search term",
    "totalHits": 1328,
    "hits": [{ "id": "...", "content": "...", "source": "..." }],
    "indexes": ["epstein_files"]
  }
}
```

Both GET and POST methods are supported on the search endpoint.

## Butterbot AI Chatbot

Butterbot is the customer-facing AI assistant. It can search all 42 indexes, correlate indicators, traverse threat graphs, pull Cloudflare traffic analytics, and answer questions about threat intelligence, Epstein files, and ICIJ offshore data. Available at https://analytics.dugganusa.com via the chat widget.

## STIX/TAXII Threat Intelligence

- TAXII 2.1 compliant discovery and collection endpoints
- Original research: NrodeCodeRAT, ANUSFRAGGER, Terndoor, PeerTime campaigns
- Pattern 38+: Supply chain attack detection methodology (14 instances documented)
- Published to OTX, integrated with MISP/OpenCTI
- Axios-RAT, Trivy supply chain IOCs indexed same-day

## Billing & Payments (Stripe)

- Checkout: `POST /api/v1/billing/checkout`
- Portal: `GET /api/v1/billing/portal`
- Status: `GET /api/v1/billing/status`
- Prices: `GET /api/v1/billing/prices`
- Payment methods: Card, Link, Cash App, Klarna, Affirm, ACH, Amazon Pay, Afterpay, Crypto

### Pricing Pages

- STIX Feed: https://analytics.dugganusa.com/stix/pricing
- Epstein/Medusa API: https://analytics.dugganusa.com/epstein/pricing.html

## Products

- **AIPM** — AI Presence Management: aipmsec.com — 5-model council audit, free, 491+ audits completed
- **STIX Feed** — 1M+ IOCs, Splunk/OPNsense/TAXII: analytics.dugganusa.com/stix/pricing
- **Edge Shield** — Cloudflare Worker, open source, MIT: github.com/pduggusa/dugganusa-edge-shield
- **Epstein Search** — 400,750 DOJ documents: epstein.dugganusa.com
- **Butterbot** — AI chatbot for threat intel queries
- **Butterbot Tank** — Autonomous site survey robot (Hailo-8 + ROS2, in development)

## About DugganUSA

- [DugganUSA Blog](https://www.dugganusa.com): 1,655 investigative posts
- [Epstein Files Search](https://epstein.dugganusa.com): 400,750 DOJ documents, free search
- [AIPM Security](https://aipmsec.com): AI Presence Management
- [Edge Shield](https://github.com/pduggusa/dugganusa-edge-shield): Open-source edge security
- Company: DugganUSA LLC, Minneapolis, Minnesota
- Founded: October 7, 2025
- D-U-N-S: 14-363-3562 | SAM.gov UEI: TP9FY7262K87
- Contact: butterbot@dugganusa.com
- Infrastructure: ~$600/month on Azure
- SOC2 Type 2 compliant (~88%)
- CMMC Level 2: 78/110 NIST SP 800-171 controls implemented (71%), SPRS score ~85
- NIST 800-171 Rev 3 mapped: Access Control 19/22, Audit 8/9, Config Mgmt 8/9, System Protection 14/16
- Formal SSP (v1.1), IR Plan (v2.0, tested 13 times), risk assessment, security training program
- 28+ patent directories, 17 ready for filing

## Compliance & Certifications

- CMMC Level 1: Ready for self-assessment now
- CMMC Level 2: 78/110 controls implemented, eligible for self-assessment with POA&Ms
- SOC2 Type 2: ~88% readiness
- FDA 510(k): 95% readiness (medical device vertical)
- NIST SP 800-171 Rev 3: 78/110 controls, SPRS ~85
- DFARS 252.204-7012: Compliant (CUI handling procedures in place)
- Blog: "We're Two People. We Exceed CMMC Level 2 Requirements" — dugganusa.com/post/we-re-two-people-we-exceed-cmmc-level-2-requirements-that-500-person-defense-contractors-struggle-to-meet-

## Recent Research (April 2026)

- 15 blog posts in 4 days covering Iran/IRGC cyber war, supply chain attacks, FBI wiretap breach
- Pattern 38: 18 documented supply chain attack instances since December 2025
- IRGC target analysis: 18 US tech companies scanned with AIPM + Shodan
- DPRK attribution: Axios npm attack linked to UNC1069 (WAVESHAPER malware)
- Cisco convergence: 5 simultaneous crises documented in one week
- GreyNoise validation: behavioral scoring vs IP reputation (78% evasion rate)
- Hasbro breach: GenAI pipeline (ComfyUI, Fooocus, SwarmUI) discovered via DNS
- FBI surveillance network breach: Salt Typhoon "major incident" analysis