SLAs
Contractual. Not best-effort.
We commit to the following for critical incidents. These SLAs are contractual.
Critical (P1)
Active breach, ransomware detonation, mission-critical system down, data exfiltration in progress
- TTD: < 30 min
- TTI: < 30 min
- TTR: < 60 min
Critical (P1)
High (P2)
Significant impact or high likelihood of becoming P1 (e.g., lateral-movement foothold, privilege-escalation exploit, key business system partially degraded)
- TTD: < 30 min
- TTI: < 60 min
- TTR: < 2 h
High (P2)
Medium (P3)
Limited scope, partial loss of functionality, single-user or non-critical server compromise, policy violations without immediate threat
- TTD: < 60 min
- TTI: < 4 h
- TTR: < 6 h
Medium (P3)
Low (P4)
Informational, benign anomalies, accepted risk items, confirmed false-positives requiring ticket closure
- TTD: < 120 min
- TTI: < 1 business day (8 h)
- TTR: < 3 business days (72 h)
Low (P4)
Exceptions apply only in cases of external dependencies and are communicated within the first 15 minutes of investigation. You get decisions and actions.
Pricing:
Transparent. Per asset. SLA included.
Your time is valuable. We publish pricing, SLAs, and service scope so you can decide early whether this is a fit.
Everything included in the price
SIEM, EDR/XDR agents, ML detection jobs, SOC operations (24/7), incident response, cloud infrastructure, and SLA.
Predictable, flat-rate billing
Per-asset pricing with everything included. One invoice, one scope, one SLA. What you see is what you get.
Onboarding in days, not weeks
Discovery → agent deployment / log ingestion → SOC activation. Complimentary security assessment included.