Pricing

Per-analyst pricing. No per-endpoint overhead.

Unlike MDR platforms that charge per endpoint, Sockindle charges per analyst seat — aligned with how SOC teams are actually staffed. Transparent pricing for Analyst and SOC tiers. Enterprise is custom.

$790/analyst/mo (annual)
14-dayFree trial, no CC required

Choose the tier that fits your team.

Monthly Annual Save ~11%
Analyst
For individual analysts and small teams
$890 /analyst/month
Billed monthly per analyst
Includes
  • Up to 3 analyst seats
  • 1 SIEM source
  • Autonomous hunt loops
  • IOC enrichment (100K/month)
  • MITRE ATT&CK mapping
  • 14-day trial included
Start trial
Most Popular
SOC
For mid-size SOC teams
$2,400 /month flat
Billed monthly, flat rate up to 12 seats
Everything in Analyst, plus
  • Up to 12 analyst seats
  • 3 SIEM sources
  • Unlimited hunt loops
  • IOC enrichment (1M/month)
  • Playbook automation (50 playbooks)
  • TI report generation
  • Slack/PagerDuty alerting
  • Priority support
Start trial
Enterprise
Federal, healthcare, and large enterprise
Custom
Talk to our team
Everything in SOC, plus
  • Unlimited analyst seats
  • Unlimited SIEM sources
  • Custom hunt logic
  • FedRAMP-adjacent controls
  • Non-US data residency options
  • White-glove onboarding
  • Dedicated threat analyst support
  • Custom SLAs
Talk to an analyst

Pricing FAQ

MDR platforms charge per endpoint because they manage the tooling. Sockindle is an AI layer on top of your existing SIEM — your analysts still run the SOC, Sockindle handles the tier-1 volume. Per-analyst-seat pricing aligns with how SOC teams are staffed and budgeted, not with your endpoint count.
A SIEM source is one connected SIEM or EDR platform — e.g., Splunk counts as one source. Connecting both Splunk and CrowdStrike Falcon is two sources. Analyst tier supports 1 source; SOC tier supports 3; Enterprise tier is unlimited.
Hunt loops continue running — enrichment queries beyond the monthly cap are queued and processed when the quota resets at the next billing cycle. Critical-severity alerts are always enriched; lower-severity items are queued. You'll receive a notification when approaching the cap.
Monthly billing is month-to-month with no long-term commitment. Annual billing saves approximately 11-13% depending on tier and provides a predictable budget line. Enterprise tier contracts are custom — typically 12-36 month terms with SLA guarantees.
Full Analyst tier features — 1 SIEM connection, autonomous hunt loops, IOC enrichment (capped at 20K during trial), MITRE ATT&CK mapping, and coverage report generation. No credit card required to start. Enterprise trial available by request for federal/healthcare environments requiring custom data handling agreements.