Pricing
KEVIntel Pricing: Free, Pro, and Enterprise
Operational exploitation intelligence for teams that need to act fast. Prioritize vulnerabilities attackers are actually exploiting with evidence-backed KEV intelligence, confidence scoring, sensor telemetry, practical artifacts, and automation-ready delivery.
Current KEVIntel Coverage Snapshot
2,673
High & Confirmed Confidence KEVs
Evidence-backed exploitation with high confidence
1,026
Beyond CISA KEV
Additional exploited CVEs tracked beyond CISA KEV
54
KEVs Observed in Sensors (7d)
Tracked KEVs with observed exploitation attempts in honeypots
1,825+
Artifacts Available
PoC, Nuclei, and scanner context
Figures refresh about every 30 minutes.
Free
$0
For individuals and teams evaluating KEVIntel.
- Public KEV feed and CVE pages
- Free JSON API key
- RSS feed (registered account)
- Summary CVSS and EPSS fields
- Aggregate sensor activity counts
- Attacker Intelligence preview (anonymized ranks)
- Basic CISA KEV and exploitation status
Pro
Best for security teams$599/month
$5,999/year — save $1,189
Prices in USD, inclusive of any applicable VAT/sales tax.
For security teams that need enriched exploited-vulnerability intelligence in their workflow.
- Everything in Free
- Pro API with full KEV enrichment
- Confidence scoring
- Evidence links and exploitation timelines
- Full CVSS, EPSS, CWE, PoC, and scanner context
- Sensor-observed summaries where available
- Attacker Intelligence — full IPs and profiles
- Internal use by one organization
Create a free account, then subscribe from your dashboard.
Enterprise
Custom
For MSSPs, MDRs, larger security teams, and organizations operationalizing exploitation intelligence at scale.
- Everything in Pro
- Full proprietary sensor telemetry
- Attacker intelligence API and CSV export
- Event-level context where available
- Deployable virtual patches (WAF rules)
- Webhooks and integration support
- Client-facing use (MSSP/MDR) and redistribution rights
- Priority support
Which Plan Should I Choose?
Choose Free if you want to monitor public exploited-vulnerability intelligence.
Choose Pro if you need enriched API data for internal security workflows.
Choose Enterprise if you need full telemetry, virtual patch workflows, webhooks, client-facing use (MSSP/MDR), or redistribution rights.
Learn more in the Free KEV Feed, API documentation, or our CISA KEV comparison.
Enterprise & MSSP
Built for Security Providers and Operational Teams at Scale
Enterprise adds raw sensor telemetry, deployable virtual patch artifacts, outbound webhooks, and MSSP redistribution options on top of Pro enrichment — for teams that need full exploitation context in production workflows.
- Raw telemetry — per-event attacker IPs, request paths, User-Agents, and payload samples via the Enterprise API.
- Attacker intelligence — cross-CVE attacker rankings, per-IP profiles, CSV export, and API delivery for automation.
- Virtual patch artifacts — deployable ModSecurity, Cloudflare, and AWS WAF rule exports for active KEVs.
- Outbound webhooks — signed JSON delivery when new exploited vulnerabilities are first attested.
- MSSP redistribution — client-facing exploitation intelligence with licensing options for security providers.
Free vs Pro vs Enterprise
Compare delivery channels, enrichment, telemetry, and licensing at a glance.
Swipe horizontally to compare
| Feature | Free | Pro | Enterprise |
|---|---|---|---|
| Public KEV feed | Yes | Yes | Yes |
| RSS feed | Yes | Yes | Yes |
| Free JSON API | Yes | Yes | Yes |
| Pro API | — | Yes | Yes |
| Evidence links | — | Yes | Yes |
| Confidence scoring | — | Yes | Yes |
| Exploitation timelines | — | Yes | Yes |
| CVSS / EPSS / CWE enrichment | Summary | Full | Full |
| PoC and scanner context | — | PoC/scanner context and exploit-reference metadata | PoC/scanner context and exploit-reference metadata |
| Sensor-observed summaries | Aggregate counts only | Yes | Yes |
| Attacker Intelligence UI | Anonymized ranks | Full IPs + profiles | Full IPs + profiles |
| Attacker intelligence API / CSV | — | — | Yes |
| Full proprietary sensor telemetry | — | — | Yes |
| Virtual patch guidance | Availability flag only | Availability flag only | Deployable WAF rules — ModSecurity, Cloudflare, AWS WAF |
| Webhooks | — | — | Yes |
| Client-facing use (MSSP/MDR) | — | — | Yes |
| Redistribution rights | — | — | Yes |
| Priority support | — | — | Yes |
Frequently Asked Questions
- Is KEVIntel just CISA KEV?
- No. KEVIntel includes CISA KEV and adds additional exploited-vulnerability intelligence, evidence links, confidence scoring, enrichment, and proprietary sensor observations where available.
- Can MSSPs use Pro for client reporting?
- No. Pro is for single-organization internal use. MSSP, redistribution, managed service, client reporting, or vendor use requires Enterprise.
- Do virtual patches replace vendor patches?
- No. Virtual patch guidance is temporary mitigation guidance designed to reduce exposure while remediation is underway. Vendor patches and official mitigations should still be applied.
- Can I try the API before paying?
- Yes. The Free plan includes a free JSON API key with public KEV data.
- What does Pro add over Free?
- Pro adds enriched exploited-vulnerability intelligence, confidence scoring, evidence links, timelines, deeper vulnerability context, PoC/scanner metadata, and API-ready fields for internal security workflows.
- When should I choose Enterprise?
- Choose Enterprise if you need full sensor telemetry, webhooks, virtual patch workflows, client-facing use (MSSP/MDR), redistribution rights, or custom integration support.
Operational Exploitation Intelligence at Scale
Talk to us about Enterprise telemetry, deployable virtual patches, webhooks, and MSSP redistribution — or start Pro self-serve to evaluate enriched KEV intelligence in your workflow.
Free of charge for Ukrainian 🇺🇦 organisations