Cybereinforce logo

Cybereinforce Threat Enforcement
Plan comparison
Compare Plans

See exactly what changes from Standard to Madness.

Cybereinforce plans scale from pure browser enforcement to full event visibility, Sentinel content, customer-specific threat intelligence, and investigation support. This page is built to help visitors understand the operational difference, not just the price difference.

Defender IOC automation Sentinel content and telemetry CTI and investigation options
Standard

Standard

Best for customers who want deterministic browser enforcement with the leanest commercial entry point.

Event logs
None
No event log visibility in the customer workspace.
Retention
0 days
Focused on enforcement, not log storage.
Rule limit
Up to 500
For direct customer-controlled block rules.
  • Browser-level URL enforcement
  • Full URL path blocking
  • Standard automatically receives Defender IOCs via Logic Apps
  • Best when the main requirement is blocking, not SOC telemetry
SME

SME

Adds real event visibility and Microsoft Sentinel content for organisations that need operational SOC value.

Event logs
Up to 500
For customer investigations and detections.
Retention
7 days
Short-term investigation and review window.
Rule limit
Up to 1,000
More operational flexibility than Standard.
  • Everything in Standard
  • Event logs can be sent to Log Analytics Workspace
  • Analytics Rules can be created
  • Incidents can be created on Sentinel or Defender
  • Workbooks can be created
Corporate

Corporate

Adds Cybereinforce Threat Intelligence to customer-controlled blocking for stronger coverage and a better CTI story.

Event logs
Up to 1,000
More room for operational telemetry.
Retention
30 days
Monthly investigation window.
Rule limit
Up to 2,000
Supports larger customer rule sets.
  • Everything in SME
  • Cybereinforce Threat Intelligence toggle
  • Customers can receive Cybereinforce CTI domains and URLs for blocking on Chrome
  • Stronger managed protection and curated intelligence story
Madness

Madness

Highest tier for customers who want the broadest telemetry, longest retention, CTI support, and included investigation help.

Event logs
Up to 2,000
Highest included telemetry volume.
Retention
90 days
Longer investigation and reporting horizon.
Rule limit
Up to 5,000
Largest customer-controlled rule capacity.
  • Everything in Corporate
  • Up to 50 URL investigation requests per year included
  • Investigated URLs are assessed and results are shared as block or clean
  • Best fit for high-touch customers and premium security operations support

Feature-by-feature comparison

This section works like a hosting comparison page: clean rows, obvious differences, and no need for the visitor to guess what changes between plans.

Capability Standard SME Corporate Madness
Browser-level URL enforcementIncludedIncludedIncludedIncluded
Full URL path blockingIncludedIncludedIncludedIncluded
Defender IOC automation via Logic AppsIncludedIncludedIncludedIncluded
Event logsNot includedUp to 500Up to 1,000Up to 2,000
Retention0 days7 days30 days90 days
Customer rule limitUp to 500Up to 1,000Up to 2,000Up to 5,000
Send logs to Log Analytics WorkspaceNoYesYesYes
Create Analytics RulesNoYesYesYes
Create incidents on Sentinel or DefenderNoYesYesYes
Create workbooksNoYesYesYes
Cybereinforce Threat Intelligence toggleNoNoYesYes
Cybereinforce CTI domains / URLs for blockingNoNoIncludedIncluded
Included URL investigation requestsNoNoNoUp to 50 / year
Investigation result sharing (block or clean)NoNoNoYes

Pick Standard if blocking is the main priority

Standard is for customers who mainly want browser-level enforcement and Defender IOC-driven blocking, without needing SOC content or log storage.

Pick SME if the customer needs Sentinel visibility

SME is where Cybereinforce becomes much stronger for security operations because it adds event logs, Log Analytics, analytics rules, incidents, and workbooks.

Pick Corporate or Madness for higher-touch protection

Corporate introduces Cybereinforce Threat Intelligence, while Madness adds included URL investigation support for customers that want a more premium service model.

Choose the plan that matches your operational maturity

Start with deterministic browser enforcement, then move up into event visibility, Sentinel content, Cybereinforce CTI, and included investigation support as customer needs grow.

View Pricing View Integrations Create/Login Admin Center