Simple, transparent pricing
One plan, all features. No hidden fees, no usage limits. Self-hosted within your own AWS account — you stay in full control.
Full Access
Everything you need to protect your AWS environment — GuardDuty threat management, real-time event monitoring, and advanced detection all in one self-hosted deployment.
- GuardDuty threat monitoring & configuration
- Real-time security event dashboard
- S3 data exfiltration detection
- Ransomware activity detection (write, delete, enumeration)
- Unauthorized IAM credential use detection
- BLOCK / REPORT / IGNORE actions per threat type
- Granular severity controls (Critical, High, Medium, Low)
- AWS EventBridge & Lambda powered — fully serverless
- Self-hosted within your own AWS account
- SNS email notifications for critical events
- CloudFront-secured frontend
- Cognito authentication with mandatory TOTP MFA
- 1-year license key with auto-renewal option
- Email support
No setup fees · Cancel anytime
Frequently asked questions
Is Threat Reaction really self-hosted?
Yes. Everything runs inside your AWS account. We never have access to your infrastructure, findings, or data.
What happens after I purchase?
You receive a signed license key instantly. Paste it into your Threat Reaction deployment and the app will validate it automatically.
Can I cancel my subscription?
Yes, at any time. Your license remains valid until the end of the current billing period.
Do you offer discounts for annual billing?
Contact us at hello@threatreaction.com to discuss annual pricing options.
Ready to secure your AWS environment?
Create an account, request a license, and be up and running in minutes.