Question 1

How is CICADA IR priced?

Accepted Answer

The Community Edition is free forever and includes core investigation capabilities. Professional and Enterprise plans are per-seat subscriptions — contact sales@cicada-ir.ai for a quote aligned to your team size.

Question 2

Where does my investigation data go?

Accepted Answer

Nowhere. All investigation data, evidence, and reports stay on the VM inside your network. CICADA IR does not phone home — licence activation is local and offline activation is supported for air-gapped environments.

Question 3

How long does deployment take?

Accepted Answer

Under 30 minutes from download to first investigation. Import the VM into your hypervisor, boot it, activate your licence in the setup wizard, connect your data sources, and start investigating.

Question 4

What support do you offer?

Accepted Answer

Community users get documentation and community support. Professional includes email support during business hours (AEST). Enterprise includes priority support with defined SLAs.

Question 5

Can I upgrade from Community to Professional later?

Accepted Answer

Yes. Upgrading is a licence key swap — your existing investigations, data, and configuration stay intact. No migration, no re-import.

Blog

Investigating Microsoft 365 BEC: OAuth grants, mailbox rules, and the BEC kill chain

How to investigate a compromised Entra ID account: a step-by-step IR workflow