Pricing
All 16 defense modules are free and open source (AGPLv3), forever. Pro and Enterprise add AI-powered analytics, cloud dashboard, and team features.
Community
Open Source (AGPLv3)
- ✓All 16 defense modules
- ✓Single binary deployment
- ✓NATS JetStream event bus
- ✓REST API + CLI
- ✓YAML config, zero-config defaults
- ✓Console + webhook alerts
- ✓Community support (GitHub / Discord)
- —Cloud dashboard
- —AI threat analytics
- —Historical analytics
- —SIEM / Slack / PagerDuty integrations
- —Priority support
Pro
For Teams
- ✓Everything in Community
- ✓Cloud dashboard (real-time)
- ✓AI triage — 50K events/month
- ✓AI deep analysis — 5K events/month
- ✓30-day analytics retention
- ✓Slack + webhook integrations
- ✓Email alerts + daily digest
- ✓Up to 5 team members
- —SIEM integration (Splunk, Datadog)
- —PagerDuty / Opsgenie
- —Custom alert rules
- —SLA + priority support
Enterprise
Custom Scale
- ✓Everything in Pro
- ✓AI triage — 500K events/month
- ✓AI deep analysis — 50K events/month
- ✓90-day analytics retention
- ✓SIEM integration (Splunk, Datadog, Elastic)
- ✓PagerDuty / Opsgenie / custom webhooks
- ✓Custom alert rules + playbooks
- ✓Unlimited team members
- ✓Multi-node deployment support
- ✓Threat intel feed
- ✓SLA + priority support
- ✓Dedicated onboarding
Full Comparison
| Feature | Community | Pro | Enterprise |
|---|---|---|---|
| Core Platform | |||
| Defense modules | All 16 | All 16 | All 16 |
| Single binary deployment | ✓ | ✓ | ✓ |
| NATS JetStream event bus | ✓ | ✓ | ✓ |
| REST API | ✓ | ✓ | ✓ |
| CLI (up, status, modules) | ✓ | ✓ | ✓ |
| YAML config + zero-config defaults | ✓ | ✓ | ✓ |
| Docker + Helm deployment | ✓ | ✓ | ✓ |
| AI Analysis Engine | |||
| AI triage (Gemini Flash Lite) | — | 50K events/mo | 500K events/mo |
| AI deep analysis (Gemini 3 Flash) | — | 5K events/mo | 50K events/mo |
| Cross-module correlation | Rule-based | AI-enhanced | AI-enhanced |
| Bring your own API key | ✓ | Included | Included |
| Dashboard & Analytics | |||
| Console alerts | ✓ | ✓ | ✓ |
| Webhook alerts | ✓ | ✓ | ✓ |
| Cloud dashboard | — | ✓ | ✓ |
| Analytics retention | Local only | 30 days | 90 days |
| Email alerts + daily digest | — | ✓ | ✓ |
| Integrations | |||
| Slack notifications | Via webhook | Native | Native |
| SIEM (Splunk, Datadog, Elastic) | — | — | ✓ |
| PagerDuty / Opsgenie | — | — | ✓ |
| Custom alert rules + playbooks | — | — | ✓ |
| Team & Support | |||
| Team members | 1 | Up to 5 | Unlimited |
| Multi-node deployment | — | — | ✓ |
| Threat intel feed | — | — | ✓ |
| Support | GitHub / Discord | Email (48h) | SLA (4h) |
| Dedicated onboarding | — | — | ✓ |
How AI Analysis Works
1SEC uses a two-tier AI pipeline designed for efficiency. Not every event hits the AI — only Medium+ severity events go to triage, and only high-confidence threats (score ≥ 0.6) escalate to deep analysis. Pro and Enterprise include fully managed AI — no API keys to set up, no token usage to track.
Tier 1 — Triage
Gemini 2.5 Flash Lite
High-speed pre-filter. Scores every event, discards false positives, and routes real threats to deep analysis. Handles tens of thousands of events per hour.
Tier 2 — Deep Analysis
Gemini 3 Flash
Full threat classification with 1M token context window. Correlates events across modules, identifies attack chains, and generates actionable recommendations.
Included AI Quota by Plan
| Capability | Community | Pro ($49/mo) | Enterprise ($499/mo) |
|---|---|---|---|
| AI triage events | BYOK | 50,000/mo | 500,000/mo |
| AI deep analysis events | BYOK | 5,000/mo | 50,000/mo |
| API key management | Self-managed | Managed | Managed |
| Cloud dashboard | — | ✓ | ✓ |
BYOK = Bring Your Own Key. Set GEMINI_API_KEY and pay Google directly.
Community users can bring their own Gemini API key for AI features at no charge from us. Pro and Enterprise include managed AI — no API keys to configure, no token billing to track.
FAQ
Is the open source version limited?
No. All 16 defense modules run at full capability. The Community tier is the complete security engine (AGPLv3) — same binary, same detection, same event bus. Pro/Enterprise add cloud-hosted AI analytics and team collaboration on top.
Can I use my own Gemini API key on the free tier?
Yes. Set GEMINI_API_KEY in your environment and the AI Analysis Engine activates automatically. You pay Google directly for token usage. No 1SEC fee.
What happens if I exceed my AI event limits?
AI analysis pauses for the billing cycle. All 16 modules continue running — they don't depend on AI. You can upgrade mid-cycle or wait for the reset.
Can I self-host everything including the dashboard?
The core engine is fully self-hosted. The cloud dashboard is a hosted service included with Pro/Enterprise. We're exploring a self-hosted dashboard option for Enterprise.
Do you offer annual billing?
Coming soon. Annual plans will include 2 months free (pay for 10, get 12).