Features
Every tier gets the full detection engine. Tiers only differ in capacity, included services, and multi-site support.
| Feature | Community | Home | Pro | MSP |
|---|---|---|---|---|
| Capacity | ||||
| Tracked devices | 50 | 100 | 250 | 250 / site |
| Log retention | 7 days | 30 days | 90 days | 90 days |
| Detection | ||||
| HDM device fingerprinting | ✓ | ✓ | ✓ | ✓ |
| Behavioral anomaly detection | ✓ | ✓ | ✓ | ✓ |
| Spreading activation alert correlation | ✓ | ✓ | ✓ | ✓ |
| Sigma detection rules | ✓ | ✓ | ✓ | ✓ |
| Threat intelligence indicators | ✓ | ✓ | ✓ | ✓ |
| Device Intel (profile updates) | — | Subscription or $49/yr add-on | Subscription or $49/yr add-on | ✓ |
| Log Sources | ||||
| Syslog (RFC 3164 / 5424) | ✓ | ✓ | ✓ | ✓ |
| UniFi CEF | ✓ | ✓ | ✓ | ✓ |
| DHCP log parsing | ✓ | ✓ | ✓ | ✓ |
| DNS log parsing | ✓ | ✓ | ✓ | ✓ |
| Firewall log parsing | ✓ | ✓ | ✓ | ✓ |
| Dashboard | ||||
| Real-time event stream | ✓ | ✓ | ✓ | ✓ |
| Device inventory & detail | ✓ | ✓ | ✓ | ✓ |
| Alert triage & investigation | ✓ | ✓ | ✓ | ✓ |
| Case management | ✓ | ✓ | ✓ | ✓ |
| Knowledge graph visualization | ✓ | ✓ | ✓ | ✓ |
| Event search (Hunt) | ✓ | ✓ | ✓ | ✓ |
| Analytics & time series | ✓ | ✓ | ✓ | ✓ |
| Response | ||||
| Webhook & email alerts | ✓ | ✓ | ✓ | ✓ |
| API access | — | — | ✓ | ✓ |
| MSP & Multi-Site | ||||
| Multi-site dashboard | — | — | — | ✓ |
| Client branding | — | — | — | ✓ |
| Bulk API | — | — | — | ✓ |
| Tenant isolation | — | — | — | ✓ |
| Support | ||||
| Community forum | ✓ | ✓ | ✓ | ✓ |
| Priority support | — | — | Subscription only | ✓ |
| Infrastructure | ||||
| Runs on-premises (no cloud) | ✓ | ✓ | ✓ | ✓ |
| Zero telemetry (no data leaves your network) | ✓ | ✓ | ✓ | ✓ |
| Software updates | ✓ | ✓ | ✓ | ✓ |