LogSentinel SIEM Pricing Model

SIEM pricing based solely on the number of active users.

  • Every SIEM feature included – log collection, threat detection, incident response, behavior analytics and more
  • Predictable price based on the number of active users
  • Unlimited log storage for your compliance needs
  • Discounted prices for large number of users
SentinelTrails Dashboard

What is an "active user"?​

Active users are the active user accounts in the organization’s directory (ActiveDirectory, LDAP or other user repository). If an organization has multiple directories (e.g. per subsidiary/branch), they are added together.

Usually the number of employees in a company is a good approximation for the number of active users, however it’s not a perfect one – there may be employees that don’t have a digital footprint, or non-employees that have active user accounts (e.g. contractors and freelancers). Service accounts (not owned by a particular employee) and shared accounts (applicable in rare cases) are also considered active users.

SaaS accounts usually belong to employees that have an internal account as well. If there are employees with accounts only in a given SaaS, they are counted separately.

Are there volume limits?​

Practically no. Our terms of use have a non-enforced upper bound of 50 GB per month for organizations with fewer than 200 employees and if you consistently go beyond that, we reserve the right to charge €5 ($5.90) per gigabyte over the 50 GB allowance.​

Are there volume discounts?​

Yes, the price per active user goes down with the increase in the number of users. An organization with 2000 active users will pay less per user than an organization with 200 active users.​

Is subscription monthly or annual?​

We support both. Annual is easier and preferred by most organizations, but some want the flexibility to cancel at any time. Monthly subscriptions cost 10% more than annual ones.​

If I'm a SaaS provider, do my SaaS users count?​

SaaS providers have a lot of users that generate a security footprint (through access logs, flow logs, authentication logs, application audit logs, etc.). However, as a SaaS company may have thousands of users, these users are counted with a ratio 100-to-1, meaning each 100 SaaS users are counted as 1 internal user. A SaaS company with 100 employees and 5000 users would be considered an organization with 150 users.​

Is support included?​

All LogSentinel SIEM customers have access to our detailed documentation and support resources. Customer support is through our online Support Center. If you need additional support, please contact us and we’ll be happy to provide terms that suit your requirements.​

Is managed detection and response included?​

No, you can purchase managed detection and response for an additional cost. The service is provided by us or by a partner of your choice from our MSSP partners.

LogSentinel offers managed detection and response for monitoring and acting upon detected security threats. If you select a managed service, we have the obligation to monitor and triage all alerts generated by the SIEM as well as perform regular threat hunting. Depending on the setup, we can also handle the response by issuing certain commands and/or opening tickets with the necessary details.​

Is there a trial?​

Yes, you can register for free, connect a few sources and get familiar with the interface. ​


Simplify Security and Compliance

Fill in a brief form and get a SIEM price quote today!