Loading . . .

Choose Your Plan

Collaborate to defend and transform threat detection together. Choose a plan that’s right for you: from free Community to On Demand access to Sigma rules to complete Enterprise capabilities for Detection as Code management, CI/CD pipelines, and automated MITRE ATT&CK® mapping.


Be a part of the largest cybersecurity community in history

Time-limited access to all content
30 hours saved per month
72-hour wait time after release
Download content that is less than 7 days old

On Demand #sigma2savelives

1-year access with support & updates for rules
Save 4,400 hours on threat research & rule coding
Instant access to 50 detections selected by you
*Instant access to 500+ detections vs russian APTs

On Demand Rules

1-year access with support & updates for rules
Save 200 hours on threat research & rule coding
Instant access to detection rules selected by you
1000% ROI compared to Professional Services


Access any content, improve threat hunting and detection engineering operations

1-3 year access, premium support & updates for rules
Save 19,200 hours on threat research & rule coding
Instant access to any detection rules (for alerts)
24-hour SLA on rules for any latest threats*
Automated rule deployment and data schema customization
Add-ons for MITRE ATT&CK®, threat hunting, detection engineering
Getting Started?
If you’d like to learn how to boost threat detection capabilties and increase threat hunting velocity faster and more efficiently than ever, explore SOC Prime’s Detection as Code platform. Get started for free to see in action how collaborative cyber defense shapes the future of threat detection.
Explore platform
Enterprise Solution
Enterprise plan gives your company a competitive advantage to act faster than attackers leveraging the collective cybersecurity expertise. Address the latest threats in less than 24 hours and save up to 360 hours per month on content R&D to maximize the value of your SOC operations.
Book a meeting
On Demand
Released rules become available for Threat Detection
On-demand instant access to a fixed number of rules selected by you
24-hour SLA for the latest threats
Days the rules are available for download via UI
1-year access to on-demand instant access rules
Days the rules are available for download via API
SIEM & EDR based recommendations
Sharing DSM profiles
Latest Threat Context availability
Industry-based recommendations
After 72 hours
After 72 hours
In 24 hours or instant
30 and more
Last 30 to 90 days
Daily limit for Threat Hunting web searches
Days after release rules stay available for Threat Hunting via web search
1-year access to on-demand rules for web search
Quick Hunt users
Uncoder CTI users
Automated Threat Hunting
2 hunts per day
Unmetered for selected rules
Per seat
Per Organization
Coming soon
ROI Dashboard
ATT&CK Coverage Dashboard
ATT&CK Navigator Export
ATT&CK Navigator Import
Log Source Coverage Dashboard
Dashboard data history
All Techniques
Coming in 2022
All Log Sources
5 years
Automate & Integrate
SIEM & EDR Tenants
Content Streaming UI & API
Jira integration
SNOW integration
3 included
Per tenant
Coming in 2022
Coming in 2022
Coming in 2022
User Management
Google Authentication
Apple Authentication
Okta integration
2FA only
2FA only
Coming in 2022
Coming in 2022
Coming in 2022
Coming in 2022
Direct support via Slack and Intercom
Email support
Slackbot support
Coming in 2022

Frequently Asked Questions

What forms of payment can I use?
On Demand: You can pay with your credit or debit card via Stripe.

Enterprise: Our Enterprise Sales Team will contact you to present the use cases and work on the business case and ROI with you. Once agreed, our Sales Team will provide you with a quote. When it's approved on your behalf, we will issue an invoice. Your company will be able to pay with a wire transfer, ACH, or check. You can also purchase Enterprise subscriptions via our channel partners.
We are in active sprint to launch the On Demand subscriptions as fast as we can, and commit to have them 100% live no later than April 20, 2022. If you've made a pre-order, we'll notify you by email as soon as they're ready for use.
On Demand: You pay the current price for one billing cycle with your credit or debit card via Stripe payment gateway. It's like making a purchase in an online store. At this time, we offer only the annual subscription. If you’re interested in monthly payments, please let us know via chat or email.

Enterprise: Contact our Sales, and our representative will reach out to you to discuss the details of a subscription plan that is right for your organization. The amount to be paid for a billing cycle depends on the agreed scope of Platform utilization.
On Demand: No worries, there is no auto-renewal. You buy the subscription for one billing cycle. To renew your subscription, simply make a new purchase. Note that the price of the subscription for the next billing cycle may change.

Enterprise: After the end of the billing cycle, your subscription will not renew automatically. To renew your Enterprise subscription or update its scope for the next billing cycle, contact our Sales at least 6 months prior to the renewal date.
If you work with your teammates using the SOC Prime Platform, they can utilize the rules you've bought as part of your On Demand subscription.

Still, this subscription is intended for individual use within a single company (no subdistribution or reselling). If you want your entire team to get the ultimate value with the SOC Prime Platform, contact our Sales from the Platform's Upgrade page to discuss the details of an Enterprise subscription that is right for your organization. If you plan to use On Demand subscription for delivering professional services, operate in MSSP or MDR company, please reach out to our Sales for partner program to join our leading channel program and benefit from joint marketing efforts, get a partnership status and a tiered discount program.
Subscriptions can't be canceled or refunded. This is due to the nature of our platform access, as you get direct access to cybersecurity threat detection algorithms.
If you switch from On Demand to Enterprise, we will pro-rate your unused months and content towards the Enterprise subscription discount.
You can switch to an Enterprise subscription any time by contacting our Sales directly or using the Upgrade page in the SOC Prime Platform.
Yes, you can.
SOC Prime is a GDPR-compliant company dedicated to protecting the privacy of our customer data. We collect the user data within the scope of the GDPR regulations driven by a single purpose to improve the platform experience and thus, follow our mission to transform threat detection while making it easier, faster, and more efficient.

Along with the data privacy imperative, SOC Prime recognizes and respects content ownership and the Intellectual Property Rights. Detection content made in the customer’s infrastructure based on the customer’s logs shall belong to the customer only.

SOC Prime’s information security practices, policies, operations, and procedures meet the relevant standards for secure data management, which is reflected in the dedicated Service Organization Control (SOC) 2 Type II auditor’s report.

To find out more about data protection practices and controls in each module of the SOC Prime Platform, see our dedicated Privacy page.
The entire process of payment takes place on Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. For more details, see Stripe's documentation.
Yes, you can buy On Demand subscriptions for different accounts with the same credit or debit card.
Yes, you can buy another On Demand subscription after using all the rules available under the previous one.
With Community, you get access to the latest content during a certain time window. It means that you have to wait for the content to become available for download and can no longer download it after its availability period ends.

On Demand lifts this time restriction for the amount of content included in the subscription. You instantly get access to the selected number of rules for 1 year with the additional benefit of support and updates.
With On Demand, you buy instant access to 50, 100, or 200 rules published to the SOC Prime Platform. You decide which rules to get instant access to. It means that you can deploy or download the selected number of rules as soon as they are released. No need to wait 72 hours. You also benefit from the 24 hour SLA for detecting the latest threats, a premium service that was previously available only to top-tier Enterprise customers. You get the access for 1 year with the additional benefit of support and updates.
#sigma2savelives is a special bundle of the On Demand subscription, 100% of which are donated to Come Back Alive Foundation. SOC Prime does not earn any money on this subscription, and it is created to directly donate to save lives in Ukraine. SOC Prime is not a non-profit organization, and purchase does not count as tax exempts, we can not provide any tax or legal documents for that. From the technical perspective, by purchasing #sigma2savelives, you get instant access to the growing collection of 500+ rules to detect russian state APTs and on-demand access to 50 rules of your own choice. It means that you can download the rules or deploy them via web search (using Quick Hunt module) as soon as they are released. No need to wait 72 hours. You also benefit from the 24 hour SLA for detecting the latest threats, a premium service that was previously available only to top-tier Enterprise customers. You get access for 1 year with the additional benefit of support and updates.
You can always check your on-demand Sigma rule balance on the counter displayed on any content item page and in Quick Hunt.

The balance is decreased by one each time you unlock a Sigma rule that is currently not available to you (the rule has just been released or your access has already expired). The first time you unlock a Sigma rule, a confirmation modal is displayed notifying that you are going to use your on-demand Sigma rule balance. Later, the selected Sigma rules are unlocked automatically.

There are two ways to instantly unlock a Sigma rule:

  • Open the Code tab on the rule page
  • Click the Hunt button for the query based on the Sigma rule in Quick Hunt

Either of these actions instantly gives you full access to the Sigma rule and all its translations. You get access for 1 year with full support and updates.

During this 1-year period, you can download and deploy the unlocked Sigma rule and all its translations, as well as use them for hunting without any limitations.
Contact us in the live chat or write a message to support@socprime.com.