Pricing
All 16 defense modules are free and open source (AGPLv3), forever. Pro and Enterprise add AI-powered analytics, cloud dashboard, and team features. A commercial license is available for organizations that need to use 1-SEC without AGPLv3 obligations.
Community
Open Source (AGPLv3) · Dual Licensed
- ✓All 16 defense modules
- ✓Single binary deployment
- ✓NATS JetStream event bus
- ✓REST API + CLI
- ✓YAML config, zero-config defaults
- ✓Terminal + webhook alerts
- ✓Community support (GitHub / Discord)
- —Cloud dashboard
- —AI threat analytics
- —Historical analytics
- —SIEM / Slack / PagerDuty integrations
- —Priority support
Pro
For Teams
- ✓Everything in Community
- ✓Cloud dashboard (real-time)
- ✓AI triage — 50K events/month
- ✓AI deep analysis — 5K events/month
- ✓2,000-event analytics history
- ✓Slack + webhook integrations
- ✓Email alerts + daily digest
- ✓Up to 5 team members
- —SIEM integration (Splunk, Datadog)
- —PagerDuty / Opsgenie
- —Custom alert rules
- —SLA + priority support
Enterprise
Custom Scale
- ✓Everything in Pro
- ✓AI triage — 500K events/month
- ✓AI deep analysis — 50K events/month
- ✓2,000-event analytics history
- ✓SIEM integration (Splunk, Datadog, Elastic)
- ✓PagerDuty / Opsgenie / custom webhooks
- ✓Custom alert rules + playbooks
- ✓Unlimited team members
- ✓Multi-node deployment support
- ✓Threat intel feed
- ✓SLA + priority support
- ✓Dedicated onboarding
Full Comparison
| Feature | Community | Pro | Enterprise |
|---|---|---|---|
| Core Platform | |||
| Defense modules | All 16 | All 16 | All 16 |
| Single binary deployment | ✓ | ✓ | ✓ |
| NATS JetStream event bus | ✓ | ✓ | ✓ |
| REST API | ✓ | ✓ | ✓ |
| CLI (up, status, modules) | ✓ | ✓ | ✓ |
| YAML config + zero-config defaults | ✓ | ✓ | ✓ |
| Docker + Helm deployment | ✓ | ✓ | ✓ |
| AI Analysis Engine | |||
| AI triage (Gemini 2.5 Flash Lite) | — | 50K events/mo | 500K events/mo |
| AI deep analysis (Gemini 3 Flash) | — | 5K events/mo | 50K events/mo |
| Cross-module correlation | Rule-based | AI-enhanced | AI-enhanced |
| Bring your own API key | ✓ | Included | Included |
| Dashboard & Analytics | |||
| Terminal alerts | ✓ | ✓ | ✓ |
| Webhook alerts | ✓ | ✓ | ✓ |
| Cloud dashboard | — | ✓ | ✓ |
| Analytics history | Local only | 2,000 events | 2,000 events |
| Email alerts + daily digest | — | ✓ | ✓ |
| Integrations | |||
| Slack notifications | Via webhook | Native | Native |
| SIEM (Splunk, Datadog, Elastic) | — | — | ✓ |
| PagerDuty / Opsgenie | — | — | ✓ |
| Custom alert rules + playbooks | — | — | ✓ |
| Team & Support | |||
| Team members | 1 | Up to 5 | Unlimited |
| Multi-node deployment | — | — | ✓ |
| Threat intel feed | — | — | ✓ |
| Support | GitHub / Discord | Email (48h) | SLA (4h) |
| Dedicated onboarding | — | — | ✓ |
How AI Analysis Works
1SEC uses a two-tier AI pipeline designed for efficiency. Not every event hits the AI — only Medium+ severity events go to triage, and only high-confidence threats (score ≥ 0.6) escalate to deep analysis. Pro and Enterprise include fully managed AI — no API keys to set up, no token usage to track.
Tier 1 — Triage
Gemini 2.5 Flash Lite
High-speed pre-filter. Scores every event, discards false positives, and routes real threats to deep analysis. Handles tens of thousands of events per hour.
Tier 2 — Deep Analysis
Gemini 3 Flash
Full threat classification with 1M token context window. Correlates events across modules, identifies attack chains, and generates actionable recommendations.
Included AI Quota by Plan
| Capability | Community | Pro ($49/mo) | Enterprise ($499/mo) |
|---|---|---|---|
| AI triage events | BYOK | 50,000/mo | 500,000/mo |
| AI deep analysis events | BYOK | 5,000/mo | 50,000/mo |
| API key management | Self-managed | Managed | Managed |
| Cloud dashboard | — | ✓ | ✓ |
BYOK = Bring Your Own Key. Set GEMINI_API_KEY and pay Google directly.
Community users can bring their own Gemini API key for AI features at no charge from us. Pro and Enterprise include managed AI — no API keys to configure, no token billing to track.
FAQ
Is the open source version limited?
No. All 16 defense modules run at full capability. The Community tier is the complete security engine (AGPLv3) — same binary, same detection, same event bus. Pro/Enterprise add cloud-hosted AI analytics and team collaboration on top.
Can I use my own Gemini API key on the free tier?
Yes. Set GEMINI_API_KEY in your environment and the AI Analysis Engine activates automatically. You pay Google directly for token usage. No 1SEC fee.
What happens if I exceed my AI event limits?
AI analysis pauses for the billing cycle. All 16 modules continue running — they don't depend on AI. You can upgrade mid-cycle or wait for the reset.
Can I self-host everything including the dashboard?
The core engine is fully self-hosted. The cloud dashboard is a hosted service included with Pro/Enterprise. We're exploring a self-hosted dashboard option for Enterprise.
What is the dual license?
1-SEC is dual-licensed. The open-source version is AGPLv3 — free to use, modify, and self-host. If your organization needs to use 1-SEC without AGPLv3 obligations (embedding in proprietary products, reselling, or offering as a managed service), a commercial license is available. Contact support@driftrail.com for details.
Can I resell or rebrand 1-SEC?
Not under the AGPLv3 license. Reselling, rebranding, or offering 1-SEC as a competing commercial product or managed service requires a commercial license. Reach out to support@driftrail.com.
Do you offer annual billing?
Coming soon. Annual plans will include 2 months free (pay for 10, get 12).