One credit ≈ one standard investigation. Complex cases consume more. You see the cost of every verdict, before and after.
For lean security teams < 100 employees. Monthly, no contract.
Mid-market SOCs. Annual contract, monthly billing.
1,000+ employees, regulated, or MSSP.
All plans include: every-action audit trail · verifier abstention · SOC 2 Type II · ISO 27001 · weekly accuracy report.
| Workload | Credits | Typical alerts |
|---|---|---|
| Standard triage (phishing, login, IDS) | 1 credit | ≈ 70% |
| Multi-pivot investigation (lateral movement) | 5–15 credits | ≈ 22% |
| Containment + response actions | +2 credits | ≈ 8% |
| Threat hunt (scheduled) | 30–80 credits | Custom |
Overage at $0.02 / credit. Roll-over for 30 days. Volume discounts at 100k, 1M, 10M / month.
No. We charge against the work done — investigations and credits. Seats are unlimited because adding analysts shouldn't be punished.
60 days of production access on a fixed scope: 2 alert categories, 2 integrations, your eval set. Pilots convert to annual at the published list.
Enterprise customers run in a dedicated VPC. Growth runs in a logically-isolated multi-tenant. We never train on your data unless you opt in.
Yes. Every customer gets a weekly accuracy report, broken down by workflow, with the full eval set.
The verifier should catch it before the responder acts. If a containment action is wrong, our SLA covers rollback within 30 minutes and incident credit.