Loading . . .

Choose Your Plan

Collaborate to defend and transform threat detection together. Choose a plan that’s right for you: from free Community to On Demand access to Sigma rules to complete Enterprise capabilities for Detection as Code management, CI/CD pipelines, and automated MITRE ATT&CK® mapping.
For basic access to the Detection as Code repo with limited amount of Sigma Rules
Join for Free
Up to 96 h/year saved on research & coding
Released Rules available for use in 3 days
  • Up to 2 premium Sigma Rules per month
  • Full-text and Lucene Rule search
On Demand
For small to medium teams with one security platform
Get Started Now
Up to 4,000 h/year saved on research & coding
Released Rules available for use in 2 days
  • Custom amount of premium Sigma Rules
  • Full-text and Lucene Rule search
  • Basic single-tenant automation
  • Analytics for top 3 log sources & 3 tactics
  • Best-effort support
For large organizations with multiple security platforms or infrastructures
Get Started Now
Up to 10,000 h/year saved on research & coding
Released Rules available for use in 1 day or instantly
  • Custom amount of premium Sigma Rules
  • Full-text and Lucene Rule search
  • Advanced multi-tenant automation
  • Analytics for 2,000+log sources and complete ATT&CK framework
  • Complete enterprise support with optional 24-hour SLA
  • A dedicated manager and Success Plan
  • Team collaboration and user management
50 rules of your choice
Instant access to 500+ detections against russian APTs
100% donated to aid Ukraine's defense
Make anyone in your organization a threat hunter
Generate unlimited IoC-based queries using the latest reports & advisories
Engineer and convert detections swiftly and smartly
Professional Services
Boost your subscription plan with our Expertise as a Service
Services for every business case
Wide range from audits to training
They Trust Us
On Demand
Free Sigma rules
Smart rule recommendations
Premium Sigma rules
Waiting time, days
Instant Access
Content Lists
Nextron's Rule Set
2 per month
Add On
On Demand
Advanced Search
Detection Engineering
Attack Detective
Quick Hunt
Uncoder AI
Uncoder CTI
Continuous Content Management
Custom Field Mapping
Search Profiles
Data Planes
Log Source Coverage
Full as add-on
Full as add-on
Full as add-on
Full as add-on
Full as add-on
On Demand
Two-factor authentication
User management
On Demand
Direct support via email, Slack, and live chat
Prioritized email support
Dedicated Manager
Success Plan and QBRs

Frequently Asked Questions

What forms of payment can I use?
On Demand: You have two options:

1. Pay instantly with your credit or debit card via Stripe.
2. Get an invoice and pay with a wire transfer or ACH.

Enterprise: Our Enterprise Sales Team will contact you to present the use cases and work on the business case and ROI with you. Once agreed, our Sales Team will provide you with a quote. When it's approved on your behalf, we will issue an invoice. Your company will be able to pay with a wire transfer, ACH, or check. You can also purchase Enterprise subscriptions via our channel partners.
If you pay with card, your plan will be activated automatically right away. It may take several minutes for all changes to become effective. If you pay using an invoice, your plan will be activated after we receive the payment. Should you have any questions, contact us at support@socprime.com or in the live chat on the SOC Prime Platform.
On Demand: You pay the current price for one billing cycle with your credit or debit card via Stripe payment gateway, or using an invoice. It's like making a purchase in an online store. At this time, we offer only the annual subscription. If you’re interested in monthly payments, please let us know via chat or email.

Enterprise: Contact our Sales, and our representative will reach out to you to discuss the details of a subscription plan that is right for your organization. The amount to be paid for a billing cycle depends on the agreed scope of Platform utilization.
On Demand: No worries, there is no auto-renewal. You buy the subscription for one billing cycle. To renew your subscription, simply make a new purchase. Note that the price of the subscription for the next billing cycle may change.

Enterprise: After the end of the billing cycle, your subscription will not renew automatically. To renew your Enterprise subscription or update its scope for the next billing cycle, contact our Sales at least 6 months prior to the renewal date.
Yes, they can. Any user that is part of your organization can use the prepaid rule balance and utilize unlocked rules. If you want your entire team to get the ultimate value with the SOC Prime Platform, contact our Sales from the Platform's Upgrade page to discuss the details of an Enterprise subscription that is right for your organization.
MSSPs/MDRs can buy an On Demand plan by contacting our Sales. The self-serve purchase option on the SOC Prime Platform is not intended for MSSPs/MDRs. We reserve the right to cancel an On Demand subscription purchased by an MSSP/MDR in violation of these terms.
Subscriptions can't be canceled or refunded. This is due to the nature of our platform access, as you get direct access to cybersecurity threat detection algorithms.
If you switch from On Demand to Enterprise, we will pro-rate your unused months and content towards the Enterprise subscription discount.
You can switch to an Enterprise subscription any time by contacting our Sales directly or using the Upgrade page in the SOC Prime Platform.
Yes, you can.
SOC Prime is a GDPR-compliant company dedicated to protecting the privacy of our customer data. We collect the user data within the scope of the GDPR regulations driven by a single purpose to improve the platform experience and thus, follow our mission to transform threat detection while making it easier, faster, and more efficient.

Along with the data privacy imperative, SOC Prime recognizes and respects content ownership and the Intellectual Property Rights. Detection content made in the customer’s infrastructure based on the customer’s logs shall belong to the customer only.

SOC Prime’s information security practices, policies, operations, and procedures meet the relevant standards for secure data management, which is reflected in the dedicated Service Organization Control (SOC) 2 Type II auditor’s report.

To find out more about data protection practices and controls in each module of the SOC Prime Platform, see our dedicated Privacy page.
The entire process of payment takes place on Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. For more details, see Stripe's documentation.
Yes, you can buy On Demand subscription plans for different accounts with the same credit or debit card.
Yes, you can buy another On Demand plan after using all the rules available under the previous one.
Your premium Sigma rule balance will include both the unused remainder (if any) of the previous plan and the new amount you've chosen. The remainder will be used first to unlock Sigma rules. You'll keep access to all Sigma rules you've unlocked under the previous plan (including updates) until the new plan expires.
With Community, your team can unlock up to 2 premium Sigma rules per month. Note that the balance of Sigma rules you can unlock can never exceed 2 rules, so if you do not use the 2 rules credited to your balance during the month, they expire.

With On Demand, you can unlock any premium Sigma rules of your choice using your prepaid balance of 50 to 1,000 Sigma rules. In addition, you get:
  • Ability to unlock a rule one day earlier than under a Community plan (2 vs. 3 days after release)
  • Features and modules for automation:
    • Integration with one Data Plane for direct deployment in one click right from the rule's page
    • One Search Profile to automatically tailor content search results and utilization insights to your infrastructure and MITRE ATT&CK® priorities
    • One Custom Field Mapping profile to automatically customize rule translations according to non-standard field names and log data locations used in your data schema
  • Features and modules for analytics:
    • Log Source Coverage to track your progress and identify gaps using insights into log source products, categories, and services covered over time based on the consumed content (top 3 log source products)
    • MITRE ATT&CK Coverage to track your progress and identify gaps using insights into ATT&CK tactics, techniques, and sub-techniques covered over time based on the consumed content (top 3 tactics)
    • Dashboard to track your team's progress and platform utilization benchmarked against your industry (for up to 1 month)
With On Demand, you buy a prepaid balance of 50, 100, 200, 500, or 1,000 premium Sigma rules. Using this balance, you can unlock any premium Sigma rules of your choice published on the SOC Prime Platform. It means that you can access the rules' code to deploy or download its translations into supported formats. You get access for 1 year with the additional benefit of support and updates.

The rules become available for unlocking after 2 days since their release.
In addition, you get access to the automation and analytics features and modules. You can find their description in the plan comparison table on this page.
#sigma2savelives is a special version of the On Demand subscription, with 100% of its price donated to aid Ukraine's defense. SOC Prime does not earn any money on this subscription, and it is created to directly donate to support Ukraine's defense and save the lives of Ukrainians. SOC Prime is not a non-profit organization, and purchase does not count as tax exempts, we can not provide any tax or legal documents for that.

From the technical perspective, by purchasing #sigma2savelives, you get instant access to the growing collection of 500+ rules to detect russian state APTs and on-demand access to 50 rules of your own choice. It means that you can access the rules' code to deploy or download their translations into supported formats as well as use the translations for threat hunting. You get access for 1 year with the additional benefit of support and updates.
You can always check your premium Sigma rule balance using the counter displayed on any content item page, in Advanced Search, Detection Engineering, MITRE ATT&CK®, and Quick Hunt, as well as in the Account settings menu.

The balance is decreased by one each time you unlock a premium Sigma rule that is currently not available to you. The first time you unlock a rule, a confirmation modal is displayed notifying that you are going to use your on-demand Sigma rule balance. Later, the selected Sigma rules are unlocked automatically.

There are two ways to instantly unlock a Sigma rule:
  • Open the Code tab on the rule page
  • Click the Hunt button for the query based on the Sigma rule in Quick Hunt (if you have the module)
Either of these actions instantly gives you full access to the Sigma rule and all its translations. You get access for 1 year with full support and updates.

During this 1-year period, you can download and deploy the unlocked Sigma rule and all its translations, as well as use them for hunting without any limitations (if you have the Quick Hunt module).

Contact us in the live chat or write a message to support@socprime.com.