SnapAttack is now part of Cisco.
SnapAttack will no longer be offered for sale effective February 3, 2025.
platform plans

Streamline threat detection with one of our flexible plans.

All of our premium subscriptions can be tailored to your tech stack and security landscape to improve and simplify your threat detection. 

PRO

For teams early in their threat detection maturity journey who want to add content to SecOps without adding more people.

Real-Time MITRE ATT&CK™ Coverage Mapping

Customized Threat Profile

Premium Content Feed Access (intelligence and high quality, pre-built correlation rules and hunt queries)

PLUS

For teams that have detection engineers and threat hunters and want to scale within threat hunts and threat detection processes.

Get everything in PRO, plus:

No-Code Detection Builder

Cloud-Based Sandbox

On-Prem, Portable Sandbox

COMPLETE

For the most mature teams who want to manage the entire detection development lifecycle (DDLC) with SnapAttack.

Get everything in PLUS, plus:

Threat Detection Validation Engine

Validation Script Builder

Expansion Packs

Detection Validation Framework

For organizations with no current validation capability that need to create and launch validation scripts to prove detection performance.

SIEM MIGRATION

For organizations migrating to a new SIEM and looking to quickly enhance their detection strategy.

User + Integration Expansion Pack

For organizations that require extra users and integrations covered in their SnapAttack plan.

Most popular with MSSPs

Not ready to commit? Try out our Community edition for individuals.

community

For individuals who want to learn and level up their detection game for free.

All base threat detection content for free

Advanced features such as integrations, the Attack Capture Lab, detection engineering, and validation are only available starting at the Pro tier.

benefits

Operationalize threat detection today with any of our plans.

All of our subscriptions can be tailored to your tech stack and security landscape to power up and streamline your threat detection. All SnapAttack plans include:

Automatic IOC + TTP hunting

Premium threat detection content updated every 6 hours

Integrations with your SIEM / EDR via API

Dashboards and reporting

One-click deployment

View MITRE ATT&CK coverage in real-time

PLATFORM

Feature        Community  Pro  Plus  Complete
Users              1       3     5      10
Integrations       0       2     2       2

Users: the number of registered active users in your organization with full access to the SnapAttack SaaS platform.

Integrations: the number of SIEMs or EDRs you can integrate with SnapAttack to streamline the deployment of detection rules and execute hunting queries.

INTELLIGENCE

Turn threat intelligence, provided by Mandiant/Google, into strategic and actionable insight through automatic and continuous prioritization of Threat Actors, Malware, Tools, and Vulnerabilities based on your organization’s unique attributes, such as Industries, Operating Regions, and Technology Stack.

View and leverage IOCs provided by Mandiant/Google Threat intelligence, organized by Threat Actor, Malware, Tool, and Vulnerability.

Automatically parse IOCs from free-form text, websites, and files, translate IOCs into queries usable in your SIEM/EDR, and search IOCs in your SIEM/EDR with one click.

Automatically summarize threat intelligence research articles from websites or files to gain quick insights and identify entities that are linked to detection content within SnapAttack.

DETECTION / HUNT

Skip the research and development phases of the detection development lifecycle by leveraging pre-written, tested, and enhanced community-sourced detection rules and hunting queries.

Detect an even broader range of both evergreen and new and emerging threats by leveraging detection rules and hunting queries developed on an ongoing basis by SnapAttack’s in-house Threat Research team.

Get more detections operational faster by automatically benchmarking all detections against your environment, determining real-world performance against your data, and identifying which detections to implement first.

Execute threat hunting queries in bulk as searches against multiple distinct SIEMs and EDRs. Review the results in SnapAttack and search across all previous hunts from one single pane of glass.

Deploy detection rules and execute threat hunting searches in multiple integrated SIEMs or EDRs in just two clicks.

REPORTS AND DASHBOARDS

Measure breadth and depth of MITRE ATT&CK detection coverage, scrutinize coverage by Technique & Sub-Technique priority level, and quickly deploy detections to fill the highest priority gaps.

Measure breadth and depth of detection coverage against prioritized Threat Actors, Malware, Tools, Techniques, and Vulnerabilities. Scrutinize coverage by threats by priority level, and quickly deploy detections to fill the highest priority gaps.

Easily identify, track, and action detections that have updates, deployment errors, and performance issues.

Assess and track your organization’s compliance with the security and privacy controls outlined in the NIST 800-53 framework.

RESEARCH AND DEVELOP

  • Safely and easily research and capture endpoint-based attack patterns, behaviors, and techniques with an on-demand, hands-on-keyboard lab environment hosted by SnapAttack.
  • Review endpoint telemetry, video, keystrokes, and process graphs.
  • Automatically identify applicable pre-existing detection rules from SnapAttack’s repository.
  • Leverage captured telemetry to build and test your own detections using the No-Code Universal Detection Builder.

Bring the analytical power of SnapAttack’s Sandbox to your own research lab by installing the Portable Sandbox in your own environment.

Easily build simple detections from scratch or from sandbox events that can be translated to multiple SIEM and EDR languages without being an expert in any of them.

VALIDATE

Test detections in your environment by executing community-sourced attack scripts that simulate atomic attacker behaviors.

Test detections in your environment by executing attack scripts created by SnapAttack’s in-house Threat Research team that simulate atomic attacker behavior.

Create your own custom attack scripts to simulate attacker behavior not already covered by SnapAttack’s existing repository.

Remotely execute attack scripts on victim machines running in your existing research lab, review the results, and document outcomes in one platform.

Frequently Asked Questions (FAQs)

While individuals such as detection engineers, threat hunters, threat researchers, students, and others do find value in our platform, the greatest efficiency gains and highest return on investment are realized by InfoSec teams that adopt our full suite of capabilities as a team (from CISOs and SOC Managers to Red and Blue teams).

Absolutely! Our Community Version is a great place to start. Click HERE to gain free access.

We integrate with over 35 of the leading SIEM & EDR/XDR platforms. Most of the industry’s favorites are already supported. You can see the full list here.

Some of our deepest integrations include Splunk, Azure Sentinel, CrowdStrike, SentinelOne, Chronicle, MDE, and Elastic.

For unsupported integrations, we are always happy to consider expanding the integration set based on customer request. When feasible, we can usually add integrations in 4-6 weeks.

There is some level of SOC maturity that we recommend in order to realize the most value out of our platform. That said, we’ve found that customers leverage the platform in different ways depending on where they stand in their journey through security operations maturity.

For those early in the journey, we enable junior analysts to advance their skill sets quickly, augment many of the red and blue team functions, and serve as a powerful content management feed for detection analytics, hunt queries, and threat emulations.

The more mature customer can leverage much more of our advanced toolset: red teamers lean on our Attack Capture Lab for attack emulation, detection engineers build and deploy analytics in our no-code detection builder, and purple teamers automate and collaborate with our Attack Plans.

Absolutely. Our mission is to ensure you can get more value out of the teams and tools you already have. Tools like EDR, XDR, and SIEM are supercharged and validated by SnapAttack’s platform.

Absolutely, and many do. While SnapAttack does offer advanced security validation capabilities, we lean heavily on this functionality to allow our customers to verify that their detection pipeline in the platform is validated and working as it should.

With this in mind, we have plenty of customers who leverage validation scripts from their existing BAS tool in the SnapAttack platform, and benefit greatly from our detection content and hunt queries in parallel.

We cover multiple use cases across the cybersecurity spectrum for anyone requiring a Proactive Threat Management Platform. Enterprise and Public Sector CISOs, SOC Managers, Red and Blue Teams, Detection Engineers, Threat Hunters, and Purple Teams find the most value from the SnapAttack platform.

MSSPs, Consultants & IR Firms also find tremendous value in delivering their services at scale, effectively and consistently across disparate tooling.

Absolutely! Once you’re in the app, you can create intelligence products by uploading a resource (PDF or link) to prepopulate your form or manually entering it in.

SnapAttack has log sources originating from Windows and Linux hosts.

Absolutely! When you input your native detections, your organization will even be credited for your threat hunting efforts (which affects your overall health score on the Detections Dashboard!).

Sigma rules are synced with SnapAttack every six hours.

The SnapAttack platform supports “bulk ranking” which provides customized rankings based on your existing environment.