We’ve expanded our partnership with Mandiant, now part of Google Cloud, to help our users operationalize and prioritize threat intelligence.

platform plans

Streamline threat detection with one of our flexible plans.

PRO

Enhance threat detection with curated content developed by experts.

Premium validated, behavioral threat detection content

Thousands of real-time attack sessions

Custom dashboards

Up to 2 SIEM + EDR integrations

Next-gen threat intelligence

PLUS

Accelerate your ability to develop detection content with expert and open-source threat research.

All the benefits of our Pro tier plus:

Accelerate custom content development and build detections-as-code

Emulate attacks in-app or in your environment

Equip your existing security validation platform

COMPLETE

For large organizations in the public or private sector that want access to all of SnapAttack’s platform capabilities.

All the benefits of our Plus tier plus:

Build and launch control validation scripts

Expansion Packs

Security Control Validation Engine

For organizations with no current validation capability that need to create and launch validation scripts to prove detection performance.

User + Integration Expansion Pack

For organizations that require extra users and integrations covered in their SnapAttack plan.

Most popular with MSSPs

Not ready to commit? Try out our Community edition for individuals.

community

For individuals who want to learn and level up their detection game for free.

All base threat detection content for free

Advanced features such as integrations, attack capture lab, detection engineering, and validation only available starting at the Pro tier

benefits

Operationalize threat detection today with any of our plans.

All of our subscriptions can be tailored to your tech stack and security landscape to power up and streamline your threat detection. All SnapAttack plans include:

Automatic IOC + TTP hunting

Premium threat detection content updated every 6 hours

Integrations with your SIEM / EDR via API

Dashboards and reporting

One-click deployment

View MITRE ATT&CK coverage in real-time

platform

The number of seats you get on your SnapAttack team account: 1 (Community), 5 (Pro), 5 (Plus), 10 (Complete).

The number of SIEMs or EDRs you can integrate with SnapAttack: 0 (Community), 2 (Pro), 2 (Plus), 2 (Complete).

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

A detection IDE that allows you to build validated, high-confidence detections with no coding knowledge necessary.

Build attack plans from our existing validation scripts, or build your own and simulate real-world attacks to put your environment to the test.

threat library

Test attacks in a sandbox environment available on-demand, complete with victim and attacker machines. Review captured telemetry in the resulting attack sessions to understand relevant forensic artifacts, find recommended detections, or build your own.

A portable capattack to install in your existing threat emulation lab, allowing your existing environment to benefit from the power of SnapAttack’s detection recommendations and streamlined detection development.

Create your own validation scripts based upon the Atomic Red Team framework with our Attack IDE to validate detections and put your network to the test.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

community
platform

The number of seats you get on your SnapAttack team account.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

detection / hunt

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

pro
platform

The number of seats you get on your SnapAttack team account.

The number of SIEMs or EDRs you can integrate with SnapAttack.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

plus
platform

The number of seats you get on your SnapAttack team account.

The number of SIEMs or EDRs you can integrate with SnapAttack.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

A detection IDE that allows you to build validated, high-confidence detections with no coding knowledge necessary.

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

threat library

Test attacks in a sandbox environment available on-demand, complete with victim and attacker machines. Review captured telemetry in the resulting attack sessions to understand relevant forensic artifacts, find recommended detections, or build your own.

A portable capattack to install in your existing threat emulation lab, allowing your existing environment to benefit from the power of SnapAttack’s detection recommendations and streamlined detection development.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

complete
platform

The number of seats you get on your SnapAttack team account.

The number of SIEMs or EDRs you can integrate with SnapAttack.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

A detection IDE that allows you to build validated, high-confidence detections with no coding knowledge necessary.

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Build attack plans from our existing validation scripts, or build your own and simulate real-world attacks to put your environment to the test.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

threat library

Test attacks in a sandbox environment available on-demand, complete with victim and attacker machines. Review captured telemetry in the resulting attack sessions to understand relevant forensic artifacts, find recommended detections, or build your own.

Create your own validation scripts based upon the Atomic Red Team framework with our Attack IDE to validate detections and put your network to the test.

A portable capattack to install in your existing threat emulation lab, allowing your existing environment to benefit from the power of SnapAttack’s detection recommendations and streamlined detection development.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

why snapattack?

Power up your toolkit with dozens of direct integrations.

Integrations

With 30+ direct integrations with the most common SIEM, EDR, or XDR tools, SnapAttack makes one-click deployment simple. And we’re adding more every day. If you don’t see your tools here, let’s chat.

FEATURED CONTENT

Our eBook, “Streamlining the Threat Detection Development Lifecycle with SnapAttack,” details each step in the detection development lifecycle and how SnapAttack can help companies streamline the entire workflow from start to finish. Read it here.

learn more

Frequently Asked Questions (FAQs)

While individuals such as detection engineers, threat hunters, threat researchers, students, and others do find value in our platform, the greatest efficiency gains and highest return on investment are felt by InfoSec teams that adopt our full suite of capabilities as a team (from CISOs & SOC Managers to Red & Blue teams).

Absolutely! Our Community Version is a great place to start. Click HERE to gain free access.

We integrate with over 35 of the leading SIEM & EDR/XDR platforms. Most of the industry’s favorites are already supported. You can see the full list here.

Some of our deepest integrations include Splunk, Azure Sentinel, Crowdstrike, SentinelOne, Chronicle, MDE and Elastic.

For unsupported integrations – we are always happy to consider expanding the integrations set based on customer request. When feasible, we can usually add integrations in 4-6 weeks.

There is some level of SOC maturity that we recommend in order to realize the most value out of our platform. That said, we’ve found that customers leverage the platform in different ways depending on where they stand in their journey through security operations maturity.

For those early in the journey, we enable junior analysts to advance their skillsets quickly, augment many of the red & blue team functions, and serve as a powerful content management feed for detection analytics, hunt queries, and threat emulations.

The more mature customer can leverage much more of our advanced toolset – red teamers lean on our Attack Capture Lab for attack emulation, detection engineers build and deploy analytics in our no-code detection builder, and purple teamers automate and collaborate with our Attack Plans.

Absolutely – our mission is to ensure you can get more value out of the teams and tools you already have. Tools like EDR, XDR & SIEM are supercharged and validated by SnapAttack’s platform.

Absolutely, and many do. While SnapAttack does offer advanced security validation capabilities, we lean heavily on this functionality to allow our customers to verify that their detection pipeline in the platform is validated and working as it should.

With this in mind, we have plenty of customers who leverage validation scripts from their existing BAS tool in the SnapAttack platform, and benefit greatly from our detection content and hunt queries in parallel.

We cover multiple use cases across the cybersecurity spectrum for anyone requiring a Proactive Threat Management Platform.
Enterprise & Public Sector CISOs, SOC Managers, Red & Blue Teams, Detection Engineers, Threat Hunters & Purple Teams find the most value from the SnapAttack platform.

MSSPs, Consultants & IR Firms also find tremendous value in delivering their services at scale, effectively and consistently across disparate tooling.

Absolutely! Once you’re in the app, you can create intelligence products by uploading a resource (PDF or link) to prepopulate your form or by entering it manually.

SnapAttack has log sources originating from Windows and Linux hosts.

Absolutely! When you input your native detections, your organization will even be credited for your threat hunting efforts (which affects your overall health score on the Detections Dashboard!).

SIGMA rules are synced with SnapAttack every six hours.

The SnapAttack platform supports “bulk ranking” which provides customized rankings based on your existing environment.
