LogSentinel SIEM Pricing Model
- Every SIEM feature included – log collection, threat detection, incident response, behavior analytics and more
- Predictable price based on the number of active users
- Unlimited log storage for your compliance needs
- Discounted prices for large number of users
What is an "active user"?
Active users are the active user accounts in the organization's directory (ActiveDirectory, LDAP or other user repository). If an organization has multiple directories (e.g. per subsidiary/branch), they are added together.
Usually the number of employees in a company is a good approximation for the number of active users, however it's not a perfect one - there may be employees that don't have a digital footprint, or non-employees that have active user accounts (e.g. contractors and freelancers). Service accounts (not owned by a particular employee) and shared accounts (applicable in rare cases) are also considered active users.
SaaS accounts usually belong to employees that have an internal account as well. If there are employees with accounts only in a given SaaS, they are counted separately.
Are there volume limits?
Are there volume discounts?
Yes, the price per active user goes down with the increase in the number of users. An organization with 2000 active users will pay less per-user than an organization with 200 active users.
Is subscription monthly or annual?
We support both. Annual is easier and preferred by most organizations, but some want the flexibility to cancel at any time. Monthly subscriptions cost 10% more than annual ones.
Is managed detection and response included?
No, you can purchase managed detection and response for an additional cost. The service is provided by us or by a partner of your choice from our MSSP partners.
LogSentinel offers managed detection and response for monitoring and acting upon detected security threats. If you select a managed service, we have the obligation to monitor and triage all alerts generated by the SIEM as well as perform regular threat hunting. Depending on the setup, we can also handle the response by issuing certain commands and/or opening tickets with the necessary details.