We offer innovative consolidated architecture + flexible plans to help you get maximum operational efficiency and unmatched ROI.
SOCRadar offers four different subscription plans (Standard, Professional, Enterprise, and Premium) that will fit your digital risk and threat monitoring requirements. The available features (or the nature of features) vary in each plan for different product types. Below, compare subscription plans for any product.
Take your SOCRadar XTI experience to the next level with the Premium Plan.
More users, credits, resources, and intelligence.
| Feature | Standard | Professional | Enterprise | Premium |
|---|---|---|---|---|
| Platform access | 1 user | 3 users | 20 users | Talk to sales |
| On-time email alerting | ✅ | ✅ | ✅ | |
| 2FA login support | ✅ | ✅ | ✅ | |
| IP restriction for portal access
(White listing) |
✅ | ✅ | ✅ | |
| Incident response playbook | ✅ | ✅ | ✅ | |
| Platform support | 8/5 via platform, no SLA | 8/5 via platform and email | 7/24 via platform, email, and phone | |
| SOCRadar user training | Video material | Video material | On-demand | |
| Role-based alert support | ✅ | ✅ | ||
| Customer success support
(On-demand) |
Quarterly | Every 2 months | ||
| Analyst support
(False-positive elimination for incidents) |
✅ | ✅ | ||
| Integration | Incident integration | Incident/Threat feeds & IOCs integration | ||
| Threat research on non-English sources
(e.g.,. Chinese, Russian, Arabic speaking forums, etc.) |
✅ | |||
| Scheduled automated reporting | ✅ | |||
| Certified threat intelligence analyst training
(On-demand) |
✅ | |||
| Dedicated analyst support | ✅ | |||
| Asset optimization
(Quarterly) |
✅ | |||
| New release feature training | ✅ |
| Feature | Standard | Professional | Enterprise | Premium |
|---|---|---|---|---|
| Threat investigation
(ThreatHose) |
100 queries/month | 250 queries/month | 1500 queries/month | Talk to sales |
| Manual malware analysis | 1 upload/month | 2 uploads/month | 10 uploads/month | |
| Historical threat intelligence data | ✅ | ✅ | ✅ | |
| Automated malware analysis | ✅ | ✅ | ✅ | |
| Vulnerability tracking | ✅ | ✅ | ✅ | |
| CyberSec news and subscription | ✅ | ✅ | ✅ | |
| Regional intelligence
(ThreatShare) |
✅ | ✅ | ✅ | |
| Deep web and darknet news | ✅ | ✅ | ✅ | |
| Cyber threat report access | ✅ | ✅ | ✅ | |
| Threat actor monitoring & reporting | ✅ | ✅ | ||
| Threat feeds / IOCs portal access | ✅ | ✅ | ||
| Threat feeds / IOCs integration
(Endpoint security solutions, SIEM, etc.) |
Basic integration
(CSV support) |
API, MISP, STIX and TAXII, etc. |
| Feature | Standard | Professional | Enterprise |
|---|---|---|---|
| PII detection | Employee & customer credentials
(username/password) |
Employee & customer credentials
(username/password) |
Employee & customer credentials
(username/password) |
| VIP protection | Breach credential detection | Breach credential detection | Breach credential detection |
| Phishing domain detection and tracking | Domain detection only | Domain detection and tracking | Real-time domain and subdomain detection
and Tracking |
| Integrated Takedown
(for phishing domains, rogue mobile apps, and Github accounts) |
Requires Credit Purchase
On-demand |
Requires Credit Purchase
On-demand |
5 credits |
| Social media monitoring | Twitter only
(Up to 5 additional keywords) |
Twitter only | Twitter only |
| Reputation monitoring | IP reputation | IP, SMTP server, and domain reputation | IP, SMTP server, and domain reputation |
| Darknet / Deep web and hacker channel monitoring
(+ Darknet / Deep web credits) |
Paste sites only | Paste sites, hacker forums, IM platforms, etc. | Paste sites, hacker forums, IM platforms, etc.
+ 500 Credits |
| Fraud detection | Credit card detection | Credit card, fraud content, and loyalty card detection | |
| Impersonating social media account detection | Instagram/YouTube/Twitter | Instagram/YouTube/Twitter
+ (On-demand) |
|
| Rogue/fake mobile application detection | Rogue mobile application detection | Rogue mobile application detection | |
| Surface web monitoring | Code repository, public storage, and malware analysis monitoring | Code repository, public storage, malware analysis, and suspicious content monitoring
(in Trelllo, Webrazzi, etc.) |
| Feature | Standard | Professional | Enterprise | Premium |
|---|---|---|---|---|
| Digital asset* discovery and monitoring | Monthly | Weekly | Daily | Talk to sales |
| Network vulnerability intelligence | ✅ | ✅ | ✅ | |
| SSL vulnerability intelligence | ✅ | ✅ | ✅ | |
| Third-party library vulnerability intelligence | ✅ | ✅ | ✅ | |
| Critical information disclosure | Only repo visibility monitoring | ✅ | ✅ | |
| Network security monitoring | Critical port discovery | Critical port discovery | Critical port discovery
+ Active port scan |
|
| Mail server security check | Once a quarter | Once a month | ||
| Website security check | Once a quarter | Once a month | ||
| DDoS protection check | Once a quarter | Once a month | ||
| VIP / C-level personal and corporate email discovery | ✅ | |||
| SSL security monitoring | ✅ | |||
| Vulnerability validation
(Analyst support) |
✅ | |||
| Active vulnerability scan | Once a month |
* Digital assets include domains, subdomains, related domains, SSL certificates, websites, IP addresses, ports, DNS records, technologies, mobile apps, social accounts, perimeter devices, appliances, cloud services, websites, and login pages.
Based on my experience for over 20 year, we got what we needed to move forward in terms of improving our security posture and reducing our dynamic attack surface.
It is a perfect solution for all-in-one threat intelligence and digital risk protection. We've seen that we can automate many routine SOC analyst tasks with SOCRadar while getting relevant, false-positive free alerts.
It's a great tool to monitor all potential risks to our cyber security infrastructure ranging from ransomware to credential stuffing attacks. It monitors almost every blind spot which may turn into data breaches and provide us with contextualized intelligence.
