SERVICE & PRICING GUIDE · FEDRAMP HIGH BASELINE · DOD IL4/IL5 READY · AI INCLUDED — NO ADD-ON FEES

Transparent pricing.
AI always included.

Enterprise-grade SIEM, XDR & EDR with built-in Agentic AI — at 35–50% less than Splunk, CrowdStrike, or Microsoft Sentinel. Your entire agent count priced at a single tier. No blended rates. No data tax.

FIPS 140-2 VALIDATED
AWS GOVCLOUD (US)
421 NIST 800-53 CONTROLS
CMMC READY
WAZUH + VELOCIRAPTOR
BEDROCK / CLAUDE AI

Complete SIEM/XDR/EDR.
One subscription.

SecureWatch combines Wazuh + Velociraptor open-source engines with a proprietary Agentic AI layer. Targeting FedRAMP High Baseline authorization, hosted exclusively on AWS GovCloud.

Auto-Decoder Generation

Feed in raw log output from any source — mainframes, SCADA/ICS, bespoke agency apps — and get validated Wazuh decoder XML and correlation rules in minutes, not weeks.

✓ Weeks → Minutes

Natural Language Threat Hunting

Ask questions in plain English. The AI translates to OpenSearch DSL for historical data and Velociraptor VQL for live endpoint state, with MITRE ATT&CK correlations and kill-chain visualizations. Queries span all storage tiers — hot-tier results return in seconds, warm-tier queries run asynchronously, and archived data is queryable via Athena.

✓ Tier 1 → Tier 3 Capability

Automated KSI / OSCAL Reporting

Live telemetry translated into digitally signed OSCAL JSON artifacts mapped to FedRAMP 20x Key Security Indicators. Drift detection fires within minutes.

✓ Continuous Authorization

Every AI capability is included in the base subscription at every pricing tier — no per-query charges, no premium AI tiers, no add-on fees. Every AI interaction is fully auditable with complete query provenance.

Per-agent volume pricing.
AI always included.

An "agent" is any endpoint — server, workstation, container, or network device — running the SecureWatch agent package and reporting to the platform.

TIER 1

Starter

$30/agent/mo
$360 per agent/year
1 – 250 agents
e.g. 125 agents = $45,000/yr

TIER 3

Enterprise

$21/agent/mo
$252 per agent/year
1,001 – 5,000 agents
e.g. 3,000 agents = $756,000/yr

TIER 4

Agency

$19/agent/mo
$228 per agent/year
5,000+ agents
e.g. 7,500 agents = $1,710,000/yr

Single-tier pricing, not blended. Your entire agent count is priced at the single tier that corresponds to your total. As you grow into a higher tier, the new lower rate applies retroactively across all agents. There is never a penalty for growth.

Pricing Examples

Small DoD Contractor (75 agents · Tier 1): $27,000 · $2,250/mo
Mid-Size GovCon HQ (400 agents · Tier 2): $120,000 · $10,000/mo
Agency Program Office (2,500 agents · Tier 3): $630,000 · $52,500/mo
DoD Enterprise Rollout (8,000 agents · Tier 4): $1,824,000 · $152,000/mo

30 months of log retention included in every subscription. 90-day sub-second analytics via Index Rollups + 30-day raw event drill-down + tiered warm/cold archival — covers OMB M-21-31 and CMMC Level 2 requirements out of the box. No per-GB data charges, ever. Need 7-year archive? Add Extended Archive for just $1/agent/mo per 6-month block.

No hidden feature gates.
No premium tiers.

Every SecureWatch subscription includes the complete platform and the full Agentic AI layer. No per-query AI charges.

🤖 Agentic AI Layer

  • Auto-Decoder Generation for any log source — mainframes, SCADA/ICS, bespoke apps
  • Natural Language Threat Hunting with OpenSearch DSL + Velociraptor VQL translation across all storage tiers
  • Automated KSI/OSCAL Reporting with digitally signed artifacts and drift detection
  • Full Query Provenance — every AI interaction logged for chain-of-custody compliance

🛡️ Core SIEM / XDR / EDR

  • Fully managed Wazuh + Velociraptor with multi-AZ HA and zero SPOFs
  • Real-time log collection, normalization, and correlation
  • File integrity monitoring with configurable policies
  • Vulnerability detection + CVE enrichment with remediation guidance
  • CIS Benchmark + DISA STIG configuration assessment
  • Rootkit/malware detection with automated response
  • Deep EDR: process chains, YARA scanning, remote quarantine

📊 Compliance & Reporting

  • NIST 800-53 Rev 5 High, FISMA, CMMC, DFARS, HIPAA monitoring
  • Pre-built compliance dashboards with exportable evidence
  • Automated monthly ConMon reporting
  • Customer Responsibility Matrix (CRM) with inheritable controls
  • DoD IL4/IL5 reciprocity documentation

🏗️ Infrastructure & Support

  • AWS GovCloud (US) with FIPS 140-2 encryption everywhere
  • Per-tenant isolation: dedicated KMS keys, micro-segmentation, RBAC
  • Login.gov (IAL2/AAL2) or SAML/OIDC with PIV/CAC support
  • 99.9% uptime SLA · Multi-AZ HA · Cross-region DR
  • 30-month log retention (hot/warm/cold) · WORM-compliant
  • Collector appliance with FIPS IPsec for air-gapped networks
  • Dedicated onboarding engineer · 8×5 support · QBRs

Supplementary services.
The AI layer is not an add-on.

The AI layer is included in every subscription. These are optional services for customers with specific operational requirements.

24×7 Premium Support

$3/agent/mo

Around-the-clock support with 1-hour critical response SLA, dedicated TAM, and priority escalation for High-impact environments.

Extended Archive (Beyond 30 Months)

$1.00/agent/mo per 6-month block

Extend cold archive beyond the included 30 months, in 6-month increments up to 7 years. WORM-compliant with S3 Object Lock. Covers extended M-21-31 and litigation hold.

Managed Detection & Response (MDR)

$6/agent/mo

SecureWatch cleared analysts monitor 24×7, triage alerts, execute response playbooks, and provide incident commander support.

Custom Integration Development

Scoped per engagement

Custom decoders, rules, and integrations with SOAR, ticketing, GRC, or DoD platforms (ACAS, eMASS, HBSS).

Compliance Package (CRM + Inheritance)

$7,500 one-time

Complete CRM and FedRAMP High control inheritance documentation for your own authorization packages.

Dedicated Tenant Infrastructure

Custom

Physically isolated compute, storage, and networking beyond logical tenant separation.

Superior capabilities.
Fraction of the cost.

Estimated annual cost for 1,000 agents. SecureWatch includes everything — competitors charge add-ons.

Capability | SecureWatch | Splunk Cloud | Microsoft Sentinel | CrowdStrike Falcon | Elastic Cloud
Est. Annual Cost (1K agents) | $252,000 | $500K+ | $350K+ | $400K+ | $300K+
FedRAMP Level | ✓ HIGH | Moderate | ✓ High | Moderate | Moderate
DoD IL4/IL5 | ✓ Ready | Limited | Limited | Limited
Built-In AI / LLM | ✓ Included | $$ Add-on | $$ Add-on | $$ Add-on | $$ Add-on
AI Threat Hunting | ✓ NL Queries | AI Asst $$ | Copilot $$ | Charlotte $$ | AI Asst $$
Auto Log Onboarding | ✓ AI Decoders | ✗ Manual | ✗ Manual | ✗ Manual | ✗ Manual
OSCAL / KSI Automation | ✓ Real-time | Limited
SIEM + XDR + EDR | ✓ All Included | Add-on | Add-on | XDR Only | Add-on
FIM + Vuln + Config | ✓ All Included | $$$ Add-ons | $$ Add-ons | Partial | Partial
421 High Controls
Open-Source Core | ✓ Wazuh + Velociraptor | Partial
Log Retention Included | ✓ 30 Months | $$ Per GB | $$ Per GB | $$ Per GB | $$ Per GB

Save 35–50% versus legacy SIEM platforms
With more capabilities included in the base price — not less.

Flexible billing.
Federal-friendly terms.

Monthly Billing

Invoiced on the first of each month based on peak active agent count from the prior month. No long-term commitment required.

✓ AI usage unlimited — no per-query charges

Annual Prepayment

10% discount on per-agent pricing with annual commitment and prepayment. Committed agent count with ability to add at contracted tier rate.

✓ 10% discount on all tiers

Multi-Year Agreements

Custom pricing for 3- and 5-year terms aligned with federal budget cycles, IDIQ task orders, and DoD program timelines.

✓ Custom pricing available

Service Level Agreements

Platform Availability: 99.9% monthly uptime
Log Ingestion Latency: < 5 minutes to searchable
Alert Delivery: < 2 min from detection
AI Query Response (Hot Tier): < 30 seconds
AI Query Response (Deep-Time): < 5 min (warm-tier async)
Decoder Generation: < 5 min per new source
KSI/OSCAL Update: < 15 min from telemetry
Standard Support: 4-hr Crit / 8-hr High (8×5)
Premium Support (24×7): 1-hr Crit / 4-hr High
Incident Notification: < 1 hour confirmed incident
DR Recovery: RTO: 4 hrs / RPO: 1 hr

Onboarding is fast.
AI makes it faster.

From discovery to go-live in weeks — with the AI layer accelerating what used to take months of professional services.

01

Discovery & Scoping

1–2 meetings

We map your environment: agent count, OS mix, network topology, classification levels, compliance requirements, and legacy log sources. For DoD customers, we coordinate connection approval and CDS requirements.

02

Tenant Provisioning

2–3 business days

We provision your isolated environment in AWS GovCloud with dedicated encryption keys, micro-segmented networking, tenant authentication (login.gov or your agency IdP via SAML/OIDC), configured dashboards, compliance policy mappings, and AI features enabled.

03

Agent Deployment + AI Log Onboarding

Your deployment timeline

Deploy the SecureWatch agent package via SCCM, Ansible, GPO, or BigFix. For air-gapped networks, deploy the Collector appliance. For legacy log sources, the AI Auto-Decoder generates validated parsers in minutes — no manual decoder development required.

04

Tuning & Go-Live

2–4 weeks

We tune detection rules, configure compliance policies against applicable STIGs and CIS benchmarks, and validate alerting workflows. Your analysts can begin using natural language threat hunting immediately. KSI/OSCAL reporting generates artifacts on day one.

Ready to see the AI layer in action?

Schedule a live demo with our team. We'll walk through your environment, show real-time threat hunting, and provide a tailored cost comparison.