Choose Your Plan
Collaborate to defend and transform threat detection together. Choose a plan that’s right
for you: from free Community to On Demand access to Sigma rules to complete Enterprise capabilities
for Detection as Code management, CI/CD pipelines, and automated MITRE ATT&CK® mapping.
Community
For basic access to the Detection as Code repo with limited amount of Sigma Rules
Join for Free
Up to 96 h/year saved on research & coding
Released Rules available for use in 3 days
-
Up to 2 premium Sigma Rules per month
-
Full-text and Lucene Rule search
On Demand
For small to medium teams with one security platform
Get Started Now
Up to 4,000 h/year saved on research & coding
Released Rules available for use in 2 days
-
Custom amount of
-
Full-text and Lucene Rule search
-
Basic single-tenant automation
-
Analytics for top 3 log sources & 3 tactics
-
Best-effort support
Enterprise
For large organizations with multiple security platforms or infrastructures
Get Started Now
Up to 10,000 h/year saved on research & coding
Released Rules available for use in 1 day or instantly
-
Custom amount of
-
Full-text and Lucene Rule search
-
Advanced multi-tenant automation
-
Analytics for 2,000+log sources and complete ATT&CK framework
-
Complete enterprise support with optional 24-hour SLA
-
A dedicated manager and Success Plan
-
Team collaboration and user management
Compare Plan Details
They Trust Us
Frequently Asked Questions
What forms of payment can I use?
On Demand: You have two options:
Enterprise: Our Enterprise Sales Team will contact you to present the use cases and work on the business case and ROI with you. Once agreed, our Sales Team will provide you with a quote. When it's approved on your behalf, we will issue an invoice. Your company will be able to pay with a wire transfer, ACH, or check. You can also purchase Enterprise subscriptions via our channel partners.
1. Pay instantly with your credit or debit card via Stripe.
2. Get an invoice and pay with a wire transfer or ACH.
Enterprise: Our Enterprise Sales Team will contact you to present the use cases and work on the business case and ROI with you. Once agreed, our Sales Team will provide you with a quote. When it's approved on your behalf, we will issue an invoice. Your company will be able to pay with a wire transfer, ACH, or check. You can also purchase Enterprise subscriptions via our channel partners.
When will I get access to my On Demand plan after making the payment?
If you pay with card, your plan
will be activated automatically right away. It may take
several minutes for all changes to become effective. If
you pay using an invoice, your plan will be activated
after we receive the payment. Should you have any questions,
contact us at support@socprime.com or in the live chat on the
SOC Prime Platform.
How is my payment calculated and billed?
On Demand: You pay the current price for one billing
cycle with your credit or debit card via Stripe payment
gateway, or using an invoice. It's like making a purchase
in an online store. At this time, we offer only the annual
subscription. If you’re interested in monthly payments,
please let us know via chat or email.
Enterprise: Contact our Sales, and our representative will reach out to you to discuss the details of a subscription plan that is right for your organization. The amount to be paid for a billing cycle depends on the agreed scope of Platform utilization.
Enterprise: Contact our Sales, and our representative will reach out to you to discuss the details of a subscription plan that is right for your organization. The amount to be paid for a billing cycle depends on the agreed scope of Platform utilization.
Will my subscription auto-renew?
On Demand: No worries, there is no auto-renewal. You buy
the subscription for one billing cycle. To renew your subscription,
simply make a new purchase. Note that the price of the subscription
for the next billing cycle may change.
Enterprise: After the end of the billing cycle, your subscription will not renew automatically. To renew your Enterprise subscription or update its scope for the next billing cycle, contact our Sales at least 6 months prior to the renewal date.
Enterprise: After the end of the billing cycle, your subscription will not renew automatically. To renew your Enterprise subscription or update its scope for the next billing cycle, contact our Sales at least 6 months prior to the renewal date.
Can my teammates use rules I've bought as part of an On Demand plan?
Yes, they can. Any user that is part of your organization can use
the prepaid rule balance and utilize unlocked rules. If you want
your entire team to get the ultimate value with the SOC Prime Platform,
contact our Sales from the Platform's Upgrade page to discuss the details
of an Enterprise subscription that is right for your organization.
Can MSSPs or MDRs use an On Demand plan?
MSSPs/MDRs can buy an On Demand plan by contacting our Sales.
The self-serve purchase option on the SOC Prime Platform is not intended
for MSSPs/MDRs. We reserve the right to cancel an On Demand subscription
purchased by an MSSP/MDR in violation of these terms.
Can I cancel or refund my subscription?
Subscriptions can't be canceled or refunded. This is due to the nature
of our platform access, as you get direct access to cybersecurity
threat detection algorithms.
What if I switch from On Demand to Enterprise?
If you switch from On Demand to Enterprise, we will pro-rate
your unused months and content towards the Enterprise subscription
discount.
Can I switch from Premium (previous subscription model) to Enterprise?
You can switch to an Enterprise subscription any time by
contacting our Sales directly or using the Upgrade page in the
SOC Prime Platform.
Can I buy an On Demand plan right after registration?
Yes, you can.
How is my data protected?
SOC Prime is a GDPR-compliant company dedicated to protecting
the privacy of our customer data. We collect the user data within
the scope of the GDPR regulations driven by a single purpose to improve
the platform experience and thus, follow our mission to transform threat
detection while making it easier, faster, and more efficient.
Along with the data privacy imperative, SOC Prime recognizes and respects content ownership and the Intellectual Property Rights. Detection content made in the customer’s infrastructure based on the customer’s logs shall belong to the customer only.
SOC Prime’s information security practices, policies, operations, and procedures meet the relevant standards for secure data management, which is reflected in the dedicated Service Organization Control (SOC) 2 Type II auditor’s report.
To find out more about data protection practices and controls in each module of the SOC Prime Platform, see our dedicated Privacy page.
Along with the data privacy imperative, SOC Prime recognizes and respects content ownership and the Intellectual Property Rights. Detection content made in the customer’s infrastructure based on the customer’s logs shall belong to the customer only.
SOC Prime’s information security practices, policies, operations, and procedures meet the relevant standards for secure data management, which is reflected in the dedicated Service Organization Control (SOC) 2 Type II auditor’s report.
To find out more about data protection practices and controls in each module of the SOC Prime Platform, see our dedicated Privacy page.
Is paying with a card secure?
The entire process of payment takes place on Stripe.
Stripe has been audited by a PCI-certified auditor and is
certified to PCI Service Provider Level 1. This is the most
stringent level of certification available in the payments
industry. For more details, see Stripe's documentation.
Can I use the same card to buy subscription plans for different accounts?
Yes, you can buy On Demand subscription plans for different accounts with the same credit or debit card.
When I use up my rule balance, can I buy another On Demand plan?
Yes, you can buy another On Demand plan after using all the rules available under the previous one.
What if I buy another On Demand plan while my current one has not expired yet?
Your premium Sigma rule balance will include both the unused
remainder (if any) of the previous plan and the new amount
you've chosen. The remainder will be used first to unlock
Sigma rules. You'll keep access to all Sigma rules you've unlocked
under the previous plan (including updates) until the new plan expires.
What are the benefits of On Demand compared to Community?
With Community, your team can unlock up to 2 premium Sigma rules per month. Note that the balance of Sigma rules you can unlock can never exceed 2 rules, so if you do not use the 2 rules credited to your balance during the month, they expire.
With On Demand, you can unlock any premium Sigma rules of your choice using your prepaid balance of 50 to 1,000 Sigma rules. In addition, you get:
With On Demand, you can unlock any premium Sigma rules of your choice using your prepaid balance of 50 to 1,000 Sigma rules. In addition, you get:
- Ability to unlock a rule one day earlier than under a Community plan (2 vs. 3 days after release)
-
Features and modules for automation:
- Integration with one Data Plane for direct deployment in one click right from the rule's page
- One Search Profile to automatically tailor content search results and utilization insights to your infrastructure and MITRE ATT&CK® priorities
- One Custom Field Mapping profile to automatically customize rule translations according to non-standard field names and log data locations used in your data schema
-
Features and modules for analytics:
- Log Source Coverage to track your progress and identify gaps using insights into log source products, categories, and services covered over time based on the consumed content (top 3 log source products)
- MITRE ATT&CK Coverage to track your progress and identify gaps using insights into ATT&CK tactics, techniques, and sub-techniques covered over time based on the consumed content (top 3 tactics)
- Dashboard to track your team's progress and platform utilization benchmarked against your industry (for up to 1 month)
How does On Demand work?
With On Demand, you buy a prepaid balance of 50,
100, 200, 500, or 1,000 premium Sigma rules. Using
this balance, you can unlock any premium Sigma rules
of your choice published on the SOC Prime Platform.
It means that you can access the rules' code to deploy
or download its translations into supported formats.
You get access for 1 year with the additional benefit
of support and updates.
The rules become available for unlocking after 2 days since their release.
In addition, you get access to the automation and analytics features and modules. You can find their description in the plan comparison table on this page.
The rules become available for unlocking after 2 days since their release.
In addition, you get access to the automation and analytics features and modules. You can find their description in the plan comparison table on this page.
How does #sigma2savelives work?
#sigma2savelives is a special version of the On Demand subscription,
with 100% of its price donated to aid Ukraine's defense. SOC Prime
does not earn any money on this subscription, and it is created
to directly donate to support Ukraine's defense and save the
lives of Ukrainians. SOC Prime is not a non-profit organization,
and purchase does not count as tax exempts, we can not provide
any tax or legal documents for that.
From the technical perspective, by purchasing #sigma2savelives, you get instant access to the growing collection of 500+ rules to detect russian state APTs and on-demand access to 50 rules of your own choice. It means that you can access the rules' code to deploy or download their translations into supported formats as well as use the translations for threat hunting. You get access for 1 year with the additional benefit of support and updates.
From the technical perspective, by purchasing #sigma2savelives, you get instant access to the growing collection of 500+ rules to detect russian state APTs and on-demand access to 50 rules of your own choice. It means that you can access the rules' code to deploy or download their translations into supported formats as well as use the translations for threat hunting. You get access for 1 year with the additional benefit of support and updates.
How do I keep track of my on-demand Sigma rule balance?
You can always check your premium Sigma rule balance using
the counter displayed on any content item page, in Advanced
Search, Detection Engineering, MITRE ATT&CK®, and Quick Hunt,
as well as in the Account settings menu.
The balance is decreased by one each time you unlock a premium Sigma rule that is currently not available to you. The first time you unlock a rule, a confirmation modal is displayed notifying that you are going to use your on-demand Sigma rule balance. Later, the selected Sigma rules are unlocked automatically.
There are two ways to instantly unlock a Sigma rule:
During this 1-year period, you can download and deploy the unlocked Sigma rule and all its translations, as well as use them for hunting without any limitations (if you have the Quick Hunt module).
The balance is decreased by one each time you unlock a premium Sigma rule that is currently not available to you. The first time you unlock a rule, a confirmation modal is displayed notifying that you are going to use your on-demand Sigma rule balance. Later, the selected Sigma rules are unlocked automatically.
There are two ways to instantly unlock a Sigma rule:
- Open the Code tab on the rule page
- Click the Hunt button for the query based on the Sigma rule in Quick Hunt (if you have the module)
During this 1-year period, you can download and deploy the unlocked Sigma rule and all its translations, as well as use them for hunting without any limitations (if you have the Quick Hunt module).
How do I get answers to other questions?