Pricing.

Starter

Small security teams. Up to 100 endpoints, 5 users, 500K events/day.

$599

per month, billed annually

• → Causal chain analysis (4-heuristic linking)
• → Behavioral baselines & anomaly detection
• → Campaign detection (MITRE stage progression)
• → 64 built-in Sigma rules + 20 custom
• → Post-quantum encrypted transport
• → Mandatory 2FA & row-level tenant isolation
• → CISA KEV, NVD, GitHub Advisory feeds
• → 1 collector · 3 data source integrations
• → Email support (24h response, Mon–Fri)

Professional

Growing SOC teams. Up to 500 endpoints, 15 users, 2.5M events/day.

$3,999

per month, billed annually

• → Everything in Starter, plus:
• → Autonomous AI investigations (70+ score campaigns)
• → SSO (SAML + OIDC — Azure AD, Okta, Google)
• → 100 custom Sigma rules + community import
• → Ticketing (Jira, ServiceNow, PagerDuty)
• → Compliance reports (HIPAA, PCI, SOC 2, NIST CSF, CIS)
• → Tamper-evident audit trail
• → Scheduled exports (S3, SFTP, email)
• → 3 collectors · 10 data source integrations
• → Email + chat support (4h response, Mon–Fri)

Enterprise

Large organizations. Single-tenant, dedicated CSM, 24/7 support.

$25,000

per month floor · custom-scoped

• → Everything in Professional, plus:
• → Dedicated single-tenant infrastructure
• → Dedicated Customer Success Manager
• → 24/7 support with 30-minute critical response
• → Unlimited AI investigations (all models)
• → SOC 2 Type II report available
• → 3 custom integrations/year included
• → On-site onboarding + training (up to 3 days)
• → Cross-region failover

Federal

Mission-critical & classified. GovCloud, on-prem, or air-gapped.

$50,000

per month floor · 1 base + 4 option years

• → Everything in Enterprise, plus:
• → GovCloud deployment (AWS/Azure Government)
• → FIPS 203 (ML-KEM-768) & FIPS 204 (ML-DSA-65) today
• → STIG-hardened infrastructure
• → FedRAMP security documentation package
• → US-person support staff
• → ATO support documentation
• → Air-gapped deployment support
• → GSA Schedule / SEWP / CIO-SP3 procurement

Why no free tier?

TRA-CE processes sensitive security telemetry and builds causal chains that reveal real attack paths. Free tiers attract noise and create support load that takes away from paying customers. We invest in making the product exceptional for teams that are serious about security.

How does the trial work?

Starter plans include a 14-day trial. Professional plans include a 30-day trial. Full platform access, your real data, no credit card required. We help you set up during onboarding.

What is a causal chain?

A directed sequence of security events linked by proven causation, not just time proximity. Each link is evidence-graded: PROVABLE when backed by direct system evidence, MIXED when correlated across sources, INFERRED when pattern-matched. You always know what is proven and what is not.

Can I self-host?

Enterprise plans support deployment in your VPC or on-premise. Federal plans support air-gapped and GovCloud deployments. The collector always runs on your infrastructure.

What data sources are supported?

Elastic, Splunk, Microsoft Sentinel, CrowdStrike, SentinelOne, Okta, Google Workspace, AWS CloudTrail, and more. The collector normalizes events from any source into a unified format.

Is there a discount for nonprofits?

Yes. We offer reduced pricing for verified nonprofits, NGOs, and educational institutions. Contact us at jrandolph@tra-ce.ai.