Home/Pricing

Pricing

Every plan includes the whole platform - every CVE, actor, technique, detection rule, IOC feed, compliance crosswalk, and attack-path export. Plans differ only by how many systems (hosts) you monitor. Paid billing is launching soon.

Free for professionals Monitor up to 3 systems you personally own at no cost - the full engine, no trial clock, no card. Need more systems, or a live email the moment a new CVE hits your stack? Pro is just $9 a year - which keeps this project independent and ad-free.
Free
$0
3 systems
Full platform, every feature
Start free
Pro
$9/yr
10 systems
Full platform, every feature
Launching soon
For teams & agencies
Team
$90/yr
100 systems
Launching soon
Business
$490/yr
1000 systems
Launching soon
Enterprise
$990/yr
2500 systems
Launching soon
Scale
$2490/yr
7000 systems
Launching soon
Contact us
Custom
7,000+ systems
Contact us
What counts as a system? One system is one host you monitor - a server, workstation, VM, or appliance - with its own software inventory. You organise systems into stacks (group by company, environment, or client), and your plan is metered by your total number of systems.

What stack monitoring does

A stack is a group of systems - the machines for one client, network, or environment. You add each system, tell the engine its OS, and give it a software inventory. From there it works continuously, and shows its work.

Exact CVE matching
Every package is resolved and matched by CPE and version range, and each finding shows its match basis - you can see exactly why a CVE applies. No probabilistic guessing, no model inventing a vulnerability that is not there.
Fix what matters first
Findings are ranked by severity plus real-world signal: known-exploited (CISA KEV), exploit prediction (EPSS), and active threat campaigns. The "act now" few surface above the noise, so you triage in minutes, not hours.
Continuous drift tracking
As new CVEs land against software you already run - including supply-chain vulns in npm, pip, and Maven - they are logged per stack, newest first, on every scan. Your posture stays current without you re-checking.
Triage that re-reviews itself
Accept or suppress a finding with a review date and it drops out of the active list, then automatically returns when the date lapses - so a risk acceptance never quietly becomes permanent.
Export into your workflow
Push a prioritised fix plan to CSV for Jira or ServiceNow, JSON for your own automation (pair it with an API token for headless pulls), or straight to a webhook in Zapier, Make, or any ticketing endpoint.
Live email alerts PRO
On Pro and up, an email reaches you the moment a new CVE affects a system you monitor - no dashboard-watching. The free tier has the full engine and dashboard; email delivery is the only paid unlock.
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh