Engagements

Six services. Fixed price. Matrix included above $25K.

Engagements above $25K include a 6-month matrix subscription plus 2 quarterly reports. The POV ($15K) is below that floor — it includes the public 1-pager and credits toward the full assessment.

POV — Benchmark on Your Data

1–2 weeks · $15K · Lightest entry

Run the public benchmark against your anonymized data. Deliver a 1-page TCO + perf readout. Cost credits toward the full assessment if you proceed within 90 days.

Read the engagement detail →

Splunk-to-MOAR Migration Assessment

2–3 weeks · $30K–$50K · Flagship wedge

The 145× benchmark, projected against your workload. Quantified TCO, engine recommendation, risk register, phased roadmap, executive deck.

Read the engagement detail →

Security Data Architecture Assessment

2–4 weeks · $40K–$80K · Natural follow-on

Independent architecture for greenfield or post-Splunk environments. 5-step audit, 12-scenario decision framework, component selection, 3-year TCO, phased roadmap.

Read the engagement detail →

Detection Engineering Modernization

4–8 weeks · $50K–$120K · Depth (DetectFlow)

Detection-as-code with MITRE ATT&CK + D3FEND coverage maps. Platform-agnostic content (SPL · KQL · YARA-L · SQL). False-positive reduction playbook.

Read the engagement detail →

Data Quality & Flow Health Validation

2–4 weeks · $25K–$60K · Foundation gate

Per-source quality plus cross-tool gap analysis. The foundation everything else depends on. Methodology shipped originally at Corelight.

Read the engagement detail →

Implementation Support / Advisory Retainer

Ongoing · $5K–$40K/mo · Continuity

Embedded (1–2 days/wk during active migration), advisory (monthly strategy + async review), or workshop (1–3 days).

Read the engagement detail →

Pricing philosophy

Fixed price over hourly. Each engagement quotes a fixed fee scoped to deliverables. No body-shop hours, no surprise invoices.

Book a 30-min discovery call → Read the benchmark first