platform plans

Streamline threat detection with one of our flexible plans.

All of our premium subscriptions can be tailored to your tech stack and security landscape to improve and simplify your threat detection. 

PRO

For teams early in their threat detection maturity journey who want to add content to secops without adding more people.

Real-Time MITRE ATT&CK™ Coverage Mapping

Customized Threat Profile

Premium Content Feed Access (intelligence and high quality, pre-built correlation rules and hunt queries)

PLUS

For teams that have detection engineers and threat hunters and want to scale within threat hunts and threat detection processes.

Get everything in PRO, plus:

No-Code Detection Builder

Cloud-Based Sandbox

On-Prem, Portable Sandbox

COMPLETE

For the most mature teams who want to manage the entire detection development lifecycle (DDLC) with SnapAttack.

Get everything in PLUS, plus:

Threat Detection Validation Engine

Validation Script Builder

Expansion Packs

Detection Validation Framework

For organizations with no current validation capability that need to create and launch validation scripts to prove detection performance.

SIEM MIGRATION

For organizations migrating to a new SIEM and looking to quickly enhance their detection strategy.

User + Integration Expansion Pack

For organizations that require extra users and integrations covered in their SnapAttack plan.

Most popular with MSSPs

Not ready to commit? Try out our Community edition for individuals.

community

For individuals who want to learn and level up their detection game for free.

All base threat detection content for free

Advanced features such as integrations, attack capture lab, detection engineering, and validation only available starting at the Pro tier

benefits

Operationalize threat detection today with any of our plans.

All of our subscriptions can be tailored to your tech stack and security landscape to power up and streamline your threat detection. All SnapAttack plans include:

Automatic IOC + TTP hunting

Premium threat detection content updated every 6 hours

Integrations with your SIEM / EDR via API

Dashboards and reporting

One-click deployment

View MITRE ATT&CK coverage in real-time

PLATFORM

The number of registered active users in your organization with full access to the SnapAttack SaaS platform.

community: 1 | pro: 3 | plus: 5 | complete: 10

The number of SIEMs or EDRs you can integrate with SnapAttack to streamline the deployment of detection rules and execute hunting queries.

community: 0 | pro: 2 | plus: 2 | complete: 2

INTELLIGENCE

Turn threat intelligence, provided by Mandiant/Google, into strategic and actionable insight through automatic and continuous prioritization of Threat Actors, Malware, Tools, and Vulnerabilities based on your organization’s unique attributes, such as Industries, Operating Regions, and Technology Stack.

View and leverage IOCs provided by Mandiant/Google Threat intelligence, organized by Threat Actor, Malware, Tool, and Vulnerability.

Automatically parse IOCs from free-form text, websites, and files, translate IOCs into queries usable in your SIEM/EDR, and search IOCs in your SIEM/EDR with one click.

Automatically summarize threat intelligence research articles from websites or files to gain quick insights and identify entities that are linked to detection content within SnapAttack.

DETECTION / HUNT

Skip the research and development phases of the detection development lifecycle by leveraging pre-written, tested, and enhanced community-sourced detection rules and hunting queries.

Detect an even broader range of both evergreen and new and emerging threats by leveraging detection rules and hunting queries developed on an ongoing basis by SnapAttack’s in-house Threat Research team.

Get more detections operational faster by automatically benchmarking all detections against your environment, determining real-world performance against your data, and identifying which detections to implement first.

Execute threat hunting queries in bulk as searches against multiple distinct SIEMs and EDRs. Review the results in SnapAttack and search across all previous hunts from one single pane of glass.

Deploy detection rules and execute threat hunting searches in multiple integrated SIEMs or EDRs in just two clicks.

REPORTS AND DASHBOARDS

Measure breadth and depth of MITRE ATT&CK detection coverage, scrutinize coverage by Technique & Sub-Technique priority level, and quickly deploy detections to fill the highest priority gaps.

Measure breadth and depth of detection coverage against prioritized Threat Actors, Malware, Tools, Techniques, and Vulnerabilities. Scrutinize coverage of threats by priority level, and quickly deploy detections to fill the highest priority gaps.

Easily identify, track, and action detections that have updates, deployment errors, and performance issues.

Assess and track your organization’s compliance with the security and privacy controls outlined in the NIST 800-53 framework.

RESEARCH AND DEVELOP

  • Safely and easily research and capture end-point-based attack patterns, behaviors, and techniques with an on-demand hands-on-keyboard lab environment hosted by SnapAttack.
  • Review end-point telemetry, video, keystrokes, and process graphs.
  • Automatically identify applicable pre-existing detection rules from SnapAttack’s repository.
  • Leverage captured telemetry to build and test your own detections using the No-Code Universal Detection Builder.

Bring the analytical power of SnapAttack’s Sandbox to your own research lab by installing the Portable Sandbox in your own environment.

Easily build simple detections from scratch or from sandbox events that can be translated to multiple SIEM and EDR languages without being an expert in any of them.

VALIDATE

Test detections in your environment by executing community-sourced attack scripts that simulate atomic attacker behaviors.

Test detections in your environment by executing attack scripts created by SnapAttack’s in-house Threat Research team that simulate atomic attacker behavior.

Create your own custom attack scripts to simulate attacker behavior not already covered by SnapAttack’s existing repository.

Remotely execute attack scripts on victim machines running in your existing research lab, review the results, and document outcomes in one platform.

community
platform

The number of seats you get on your SnapAttack team account.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

detection / hunt

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

pro
platform

The number of seats you get on your SnapAttack team account.

The number of SIEMs or EDRs you can integrate with SnapAttack.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

plus
platform

The number of seats you get on your SnapAttack team account.

The number of SIEMs or EDRs you can integrate with SnapAttack.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

A detection IDE that allows you to build validated, high-confidence detections with no coding knowledge necessary.

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

threat library

Test attacks in a sandbox environment available on-demand, complete with victim and attacker machines. Review captured telemetry in the resulting attack sessions to understand relevant forensic artifacts, find recommended detections, or build your own.

A portable capattack to install in your existing threat emulation lab, allowing your existing environment to benefit from the power of SnapAttack’s detection recommendations and streamlined detection development.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

complete
platform

The number of seats you get on your SnapAttack team account.

The number of SIEMs or EDRs you can integrate with SnapAttack.

1,000s of pieces of open source threat intelligence, validated detections, and attack sessions from the SnapAttack threat research team.

Thousands of additional premium and open source threat intelligence, validated detections, and attack sessions, exclusive to our subscribers.

Enhance automation workflows to search across or export detection content directly into your integrated SIEMs and EDRs.

intelligence

Copy and paste an article or URL into the platform to automatically pull out metadata like Threat Actor references, MITRE ATT&CK IDs, IOCs and more, directly into SnapAttack’s intelligence platform.

Insert text from any source to automatically pull out IOCs, and let SnapAttack tell you which are most relevant to you. Then, hunt in your integrated SIEM or EDR with just one click right from the same screen.

detection / hunt

A detection IDE that allows you to build validated, high-confidence detections with no coding knowledge necessary.

Translate detections into any query language at the click of a button so you can deploy them anywhere you need to, as many times as you need to.

Autonomously run every detection in SnapAttack against your environment in silent mode to tailor the scoring to your datasets and unique environmental variables, identifying logging gaps and improving detection outcomes.

Deploy detections to any SIEM or EDR instantly in just one click.

Build attack plans from our existing validation scripts, or build your own and simulate real-world attacks to put your environment to the test.

Measure team effectiveness with your threat preparedness score, an attack coverage percentage, and MITRE coverage mapped against detections deployed into your environment.

Leverage the thousands of pre-curated Collections we’ve built and let SnapAttack tell you which are most relevant to you. Then, hunt in just one click right from the same screen.

See the total volume of detection content in SnapAttack, including threat intelligence, validated detections, and attack sessions.

threat library

Test attacks in a sandbox environment available on-demand, complete with victim and attacker machines. Review captured telemetry in the resulting attack sessions to understand relevant forensic artifacts, find recommended detections, or build your own.

Create your own validation scripts based upon the Atomic Red Team framework with our Attack IDE to validate detections and put your network to the test.

A portable capattack to install in your existing threat emulation lab, allowing your existing environment to benefit from the power of SnapAttack’s detection recommendations and streamlined detection development.

reports

Measure your security coverage and confidence against the MITRE ATT&CK matrix, either at the macro level, or at a deeply granular level, directly in SnapAttack.

Measure the threat preparedness of your existing SIEMs and EDRs and understand which tools are doing the heavy lifting. Reveal your SOC’s capacity, discover which resources you need more of or can get rid of, and gain the data to back it up to your board.

Gain visibility into your team’s accomplishments, like how many threat intel objects they’ve created or viewed, how many threats they’ve captured, which TTPs and IOCs they’ve hunted, and more.

Ready to get started with SnapAttack?
Here's how it works:

step 01

Demo + discovery

step 02

No cost, no obligation proof of value

step 03

Start detecting the threats that matter, faster

Fast + easy deployment

Tailored to your goals, processes, and tools

Complimentary reporting included

Flexible, customized, hands-on support

why snapattack?

Power up your toolkit with dozens of direct integrations.

Integrations

With 30+ direct integrations with the most common SIEM, EDR, or XDR tools, SnapAttack makes one-click deployment simple. And we’re adding more every day. If you don’t see your tools here, let’s chat.

Partners

FEATURED CONTENT

Our case study, “Breaking Free from MSSP: Empowering In-House Cybersecurity Excellence at a Fortune 500 Bank,” reveals how SnapAttack empowered a Fortune 500 bank’s team, maturing their cyber defense with enhanced detection, streamlined processes, and increased ROI. 

Frequently Asked Questions (FAQs)

While individuals such as detection engineers, threat hunters, threat researchers, students, and others do find value in our platform – the greatest efficiency gains and highest return on investment are felt by InfoSec teams that adopt our full suite of capabilities as a team (from CISOs & SOC Managers to Red & Blue teams).

Absolutely! Our Community Version is a great place to start. Click HERE to gain free access.

We integrate with over 35 of the leading SIEM & EDR/XDR platforms. Most of the industry’s favorites are already supported. You can see the full list here.

Some of our deepest integrations include Splunk, Azure Sentinel, Crowdstrike, SentinelOne, Chronicle, MDE and Elastic.

For unsupported integrations – we are always happy to consider expanding the integrations set based on customer request. When feasible, we can usually add integrations in 4-6 weeks.

There is some level of SOC maturity that we recommend in order to realize the most value out of our platform. That said, we’ve found that customers leverage the platform in different ways depending on where they stand in their journey through security operations maturity.

For those early in the journey, we enable junior analysts to advance their skillsets quickly, augment many of the red & blue team functions, and serve as a powerful content management feed for detection analytics, hunt queries, and threat emulations.

The more mature customer can leverage much more of our advanced toolset – red teamers lean on our Attack Capture Lab for attack emulation, detection engineers build and deploy analytics in our no-code detection builder, and purple teamers automate and collaborate with our Attack Plans.

Absolutely – our mission is to ensure you can get more value out of the teams and tools you already have. Tools like EDR, XDR & SIEM are supercharged and validated by SnapAttack’s platform.

Absolutely, and many do. While SnapAttack does offer advanced security validation capabilities, we lean heavily on this functionality to allow our customers to verify that their detection pipeline in the platform is validated and working as it should.

With this in mind, we have plenty of customers who leverage validation scripts from their existing BAS tool in the SnapAttack platform, and benefit greatly from our detection content and hunt queries in parallel.

We cover multiple use cases across the cybersecurity spectrum for anyone requiring a Proactive Threat Management Platform.
Enterprise & Public Sector CISOs, SOC Managers, Red & Blue Teams, Detection Engineers, Threat Hunters & Purple Teams find the most value from the SnapAttack platform.

MSSPs, Consultants & IR Firms also find tremendous value in delivering their services at scale, effectively and consistently across disparate tooling.

Absolutely! Once you’re in the app, you can create intelligence products by uploading a resource (PDF or link) to prepopulate your form or manually entering it in.

SnapAttack has log sources originating from Windows and Linux hosts.

Absolutely! When you input your native detections, your organization will even be credited for your threat hunting efforts (which affects your overall health score on the Detections Dashboard!).

SIGMA rules are synced with SnapAttack every six hours.

The SnapAttack platform supports “bulk ranking” which provides customized rankings based on your existing environment.
