Pricing
Choose the plan that fits your investigation needs.
Community
Core investigation capabilities — free forever.
Free
- 1 user
Included features:
- Guided IR workflows
- Response actions (containment + remediation)
- Local LLM processing (Ollama, LM Studio, llama.cpp, litellm)
- Cloud LLM (Anthropic Claude, Google Gemini, OpenAI GPT)
- External threat intelligence (VirusTotal, AbuseIPDB, Shodan, URLhaus, ThreatFox + more)
- Two-factor authentication (TOTP)
Configurable sources:
- Microsoft Entra ID
- Microsoft Defender for Endpoint
- Active Directory
Log-based evidence sources:
- Log file ingestion (EVTX, .log, .csv, .json)
- PCAP / wireless capture analysis
- Syslog
- DNS logs
- DHCP logs
- Web access logs
Most Popular
Professional
Advanced integrations and analysis for security teams.
POA
- 1 to 3 users
Everything in Community, plus:
- CrowdStrike Falcon
- Ubiquiti UCG
- Incidents view
- Case narrative
- Evidence Export
- System Backup Restore
- Global Source Connectors
- Multiple Investigations
- Unlimited File Uploads
- Single sign-on (SAML 2.0)
- Single sign-on (OpenID Connect)
Enterprise
Full platform with automation, custom reporting, and premium integrations.
POA
- Unlimited users
Everything in Professional, plus:
- Varonis
- BigID
- Advanced reporting (NDB, Insurance, Legal Hold, etc.)
- Exfiltration detection
- External tool execution (BloodHound, NetExec, etc.)
- Microsoft 365 (Graph)
- Microsoft Purview
- Sophos Taegis
- Reporting (PDF, DOCX, HTML, JSON, Markdown)
- Playbooks
- Playbook Content Sampling
- Blast radius analysis
- AWS CloudTrail (Coming Soon)
- Google Workspace (Coming Soon)
- Palo Alto Networks (Coming Soon)
- Proofpoint (Coming Soon)
- SentinelOne (Coming Soon)
- Splunk (Coming Soon)
All plans include the CICADA IR VM appliance. Need a custom deployment or volume licensing? Contact sales