Pricing

Pricing that scales with your fleet, not with your fear.

Single binary, host-priced, no agent. Every tier ships with the complete check catalogue and every remediation playbook — no paywalled features. You pay for the host count, the support level and the integrations you actually use.

Solo

For consultants and one-person blue teams.

$29/mo
$290 / yr · billed annually
  • 5 hosts
  • Unlimited scans
  • 569 checks · 55 playbooks
  • HTML / PDF / JSON / SARIF reports
  • Engagement directory + history
  • Community Slack support
Start 14-day trial

Team

For internal blue teams + small MSSPs.

$149/mo
$1,490 / yr · billed annually
  • 50 hosts
  • Daily scheduled scans
  • REST API access
  • Diff-over-time reports
  • Slack / Teams / email alerts
  • Email support, < 24h response
Start 14-day trial

MSSP

For multi-tenant managed-security shops.

$499/mo
$4,990 / yr · billed annually
  • Unlimited hosts
  • Multi-tenant org structure
  • White-label HTML reports
  • Bulk engagement export
  • Custom check authoring (YAML)
  • Priority support, < 4h response
Talk to sales

Enterprise

For regulated estates with bespoke requirements.

Custom
Annual contract · invoice-based
  • On-prem deployment
  • SSO (Okta / Entra / SAML)
  • Air-gap update channel
  • Dedicated check + playbook authoring
  • Pericial expert engagements
  • 24h support · named TAM
Talk to sales
What every tier includes

No paywalled checks. Ever.

Every Obexum subscription gets the full audit catalogue. Higher tiers add scale, integrations and support.

Complete check catalogue

569 forensic checks — ADCS ESC1-15, Kerberos, ACL, GPO, persistence, privesc, UAC bypass, hardening baselines. Every tier, day one.

All 55 remediation playbooks

Every fix Obexum knows how to render is available to every tier. No "Pro-only" remediations.

Defensible reports

Branded HTML, print-to-PDF, JSON, SARIF, Markdown. Engagement directories ship in every tier.

FAQ

Common questions.

Do I need to deploy an agent?

No. Obexum runs from a jump-box and connects to the target via SSH or WinRM with the credentials you already use.

Does my data leave my network?

Only if you opt into the SaaS portal (Team+) for cloud-side history. Solo + on-prem Enterprise are 100% local.

What does "host" mean for billing?

One host = one named target you scan, regardless of frequency. A DC counts as one host even if scanned hourly.

How does the trial work?

14 days, no credit card. Keep every artifact you generate. No telemetry. Convert with one form.

Can I cancel any time?

Yes. Subscriptions are month-to-month or annual. Cancellation stops renewal — you keep all engagements.

Do you offer non-profit / education pricing?

Yes — 50% off Team for verified non-profits and accredited education institutions. Contact us.

Try it on your own infrastructure.

14-day Team trial, every feature unlocked, no credit card.

Start free trial Read the docs →