Simple, transparent plans for operational threat intelligence – from single analysts through to large, regulated organisations and partners.
Cyber Defence’s Threat Intelligence platform is used by SOC365 customers, in-house SOCs, and security teams that need access to high-quality indicators, dark web visibility, and attack surface monitoring without opaque licensing.
Our plans are structured around real operational usage – number of monitored domains and assets, depth of dark web and credential monitoring, and integration into your existing tools – not arbitrary seat counts or hidden quotas.
Plans
Choose the plan that matches your mission today, knowing you can scale as your requirements grow.
For individual analysts, consultants, and very small teams. Full indicator dataset, limited dark web and credential-leak search for selected domains, basic attack surface monitoring, and fair-use API access for enrichment.
For SMEs and mid-sized organisations. Everything in Detect plus higher limits on monitored domains and IP space, expanded dark web and credential-leak visibility, increased API quotas, multiple named users, and priority support.
For larger, multi-site, or highly regulated organisations and partners. Everything in Defend plus significantly increased coverage, support for complex estates and MSSP use-cases, bespoke onboarding and tuning, and enhanced SLAs.
All plans include access to the Threat Intelligence portal and API. Higher tiers unlock greater coverage, higher limits, and deeper integration support.
| Feature | Detect | Defend | Disrupt |
|---|---|---|---|
| Portal access | ✓ | ✓ | ✓ |
| API access for enrichment | ✓ | ✓ | ✓ |
| Malicious IP / domain / URL / hash dataset | ✓ | ✓ | ✓ |
| Dark web & credential-leak search | Limited domains | Extended domains | Custom scope |
| Attack surface monitoring | Basic | Expanded | Enterprise |
| Number of monitored domains | Up to 5 | Up to 25 | By agreement |
| Number of monitored IP ranges | Up to 2 | Up to 10 | By agreement |
| Named users | 1 | Up to 5 | Flexible |
| Priority support | – | ✓ | ✓ |
| Bespoke onboarding & tuning | – | – | ✓ |
| MSSP / partner usage | – | By agreement | Yes |
Plans are billed monthly in advance and priced per organisation. Annual commitments, multi-year agreements, and combined SOC365 plus Threat Intelligence packages are available on request.
If you are an MSSP, consultancy, or want to embed Cyber Defence Threat Intelligence into a product, we can structure pricing and licensing around your commercial model.
Speak directly with a senior member of the Cyber Defence team, walk through your requirements, and map them to the most appropriate plan or a bespoke arrangement.
Yes. You can upgrade or downgrade plans at the end of each billing period. If your usage pattern changes significantly, we will work with you to ensure that the plan and pricing still make sense.
You can use the public lookup capabilities without charge and we can provide time-limited evaluation access to the full portal on request. For larger organisations, we usually combine evaluation with a scoped proof of value.
All plans include fair-use API limits designed to support normal SOC and enrichment usage. If you need higher volumes for automated processing or product integration, we can extend limits within the Defend and Disrupt plans.
Yes. Many customers consume Threat Intelligence as part of our SOC365 managed detection and response service. In these cases, pricing is structured as a combined package and the platform is integrated directly into detections, hunting, and response.
Yes. The Disrupt plan is designed to support MSSPs, consultancies, and technology vendors. We can provide volume-based pricing, white-labelling options, and alignment with your commercial model.
Cyber Defence’s Threat Intelligence platform is backed by the same CREST-accredited, ISO-certified operations that power SOC365. You are not buying a static feed – you are partnering with a team that actively curates, validates, and operationalises intelligence every day.
If you have requirements that do not fit neatly into Detect, Defend, or Disrupt, speak to us. We will build the right combination of coverage, limits, and support for your organisation.
