Choose the tier that matches your mission. Every plan includes access to the real-time threat feed. No contracts, cancel anytime.
Perfect for security analysts and researchers who want to stay informed on the latest threats. Access the full threat feed, MITRE ATT&CK mapping, and daily intelligence debriefs at no cost.
Built for detection engineers and SOC teams who need production-ready rules. Get full SPL, KQL, and Sigma detection rules for every threat, plus IOC correlation and the detection library.
The complete toolkit for security teams running purple team operations. Unlock attack simulations, advanced correlations, Wild C2 intelligence, DNS enrichment, and full MCP server access.
For organizations requiring enterprise SLAs, volume licensing, SSO integration, and dedicated support. Contact us for custom pricing.
| feature | Blue | Red | Purple | Gold |
|---|---|---|---|---|
| threat_feed + filters | ✓ | ✓ | ✓ | ✓ |
| detection_library (view) | ✓ | ✓ | ✓ | ✓ |
| detection_copy + export | — | ✓ | ✓ | ✓ |
| mitre_coverage_map | ✓ | ✓ | ✓ | ✓ |
| statistics_dashboard | ✓ | ✓ | ✓ | ✓ |
| ioc_correlation | — | ✓ | ✓ | ✓ |
| indicators_tab | — | ✓ | ✓ | ✓ |
| daily_debriefs | — | ✓ | ✓ | ✓ |
| dns_lookups | — | 100/day | 1,000/day | 25,000/day |
| transcript_viewer | — | ✓ | ✓ | ✓ |
| attack_simulations | — | — | ✓ | ✓ |
| wild_c2_hunting | — | — | ✓ | ✓ |
| mcp_server | — | — | ✓ | ✓ |
| advanced_correlations | — | — | ✓ | ✓ |
| dns_enrichment_page | — | — | ✓ | ✓ |
| api_access | — | — | ✓ | ✓ |
| actor_attribution | — | ✓ | ✓ | ✓ |
| research_lab | — | — | — | ✓ |
| admin_dashboard | — | — | — | ✓ |
| sso_integration | — | — | — | ✓ |
| on_prem_deployment | — | — | — | ✓ |
| sla_backed_response | — | — | — | ✓ |
Yes. The Purple (SME) tier includes a 7-day free trial with no credit card required. You get full platform access during the trial period, including attack simulations, Wild C2 hunting, the MCP server, and advanced correlations. After 7 days, add a payment method to continue at $11.99/month.
Yes. You can upgrade or downgrade at any time from your profile settings. When upgrading, you gain immediate access to the new tier's features. When downgrading, you retain access until the end of your current billing period. No penalties or fees for switching.
We process payments through Stripe. All major credit cards, debit cards, and select regional payment methods are accepted. Enterprise customers can arrange invoicing and purchase orders by contacting our team.
No. All individual plans (Blue, Red, Purple) are month-to-month with no long-term commitment. You can cancel at any time and retain access until the end of your billing period. Enterprise (Gold) contracts are custom and may include annual terms with volume discounts.
The MCP (Model Context Protocol) server lets you query Threadlinqs intelligence from AI tools like Claude, Cursor, and other MCP-compatible clients. It includes 28 tools for searching threats, exporting detections, enriching IOCs, querying C2 data, and more. Available on the Purple tier and above.
Custom deployment options, SLA-backed response times, SSO integration, on-prem deployment, and dedicated support for your security team.
[ contact_sales ]No contracts. No hidden fees. Cancel anytime.
All plans are billed monthly through Stripe. You can manage your subscription from your profile settings.