Memory layer, no markup.

Three tiers for individual analysts, SOC teams, and MSSPs. Pick the one that fits.

→ Try the recall surface first — no signup

14-day free trial on Individual Researcher and Pro. No card required to start.

Individual Researcher

$49 / month · billed monthly

Solo researchers and independent analysts. One seat, fast recall, no overhead. Hard cap: writing stops when you hit 2,000 records.

Most popular

Pro

$199 / month · billed monthly

SOC teams and consulting shops. Full retrieval stack, knowledge graph, MCP server + LangChain adapter for AI agents.

Enterprise

Contact us

Custom pricing

MSSPs and FedRAMP-bound teams. Multi-tenant, SSO, TypeDB graph storage, OpenCTI sync, dedicated support.

See pricing dimensions →
Value calculator

How much analyst time are you leaving on the table?

Adjust the inputs below to see your team's recoverable capacity — instantly, no form, no sales call required.

Calculator outputs:
Hours recovered / year (analyst-hours)
Recovered capacity (FTE-equivalents)
Dollar value recovered (per year)
Net first-year value (recovered − pilot cost)

Estimates only. Real value depends on your investigation mix and integration depth. Pilot teams measure their own baseline in week 1. Assumes ThreatRecall eliminates ~70% of context-rebuild time (re-reading old tickets, re-querying SIEM, asking teammates "did we see this IOC before?"). Pilot cost used for net value: $199/mo × 12 = $2,388/yr.

See it on your data → Apply for the pilot
Frequently asked
What's included in the FedRAMP control reporting?
Full NIST 800-53 Rev 5 Moderate baseline coverage — 20 control families, 36+ findings tracked and remediated. Pre-answered CAIQ-Lite v4 and SIG-Lite questionnaire available at /security/questionnaire.
Is the security questionnaire downloadable as PDF?
Yes — Download the full CAIQ-Lite v4 + SIG-Lite PDF (v1.0, 2026-05-29, EIN: 99-1234567). Pre-answered for SOC/MSSP procurement — no login required.
Can I self-host ThreatRecall inside my FedRAMP-authorized environment?
Yes — self-hosted deployment is available for Enterprise. Deploy on your own FedRAMP-authorized CSP (AWS GovCloud, Azure Government). Air-gapped mode available (LLAMA_BASE_URL). Contact security@threatengram.com.
When will FedRAMP authorization be complete?
Phase 4 (Authorization to Operate) is in progress. Target: post-Seed funding. We are not authorized today — do not represent us that way to your CISO. See the full posture statement at /security.