Pricing

KEVIntel Pricing: Free, Pro, and Enterprise

Operational exploitation intelligence for teams that need to act fast. Prioritize vulnerabilities attackers are actually exploiting with evidence-backed KEV intelligence, confidence scoring, sensor telemetry, practical artifacts, and automation-ready delivery.

Current KEVIntel Coverage Snapshot

2,673

High & Confirmed Confidence KEVs

Evidence-backed exploitation with high confidence

1,026

Beyond CISA KEV

Additional exploited CVEs tracked beyond CISA KEV

54

KEVs Observed in Sensors (7d)

Tracked KEVs with observed exploitation attempts in honeypots

1,825+

Artifacts Available

PoC, Nuclei, and scanner context

Figures refresh about every 30 minutes.

Free

$0

For individuals and teams evaluating KEVIntel.

  • Public KEV feed and CVE pages
  • Free JSON API key
  • RSS feed (registered account)
  • Summary CVSS and EPSS fields
  • Aggregate sensor activity counts
  • Attacker Intelligence preview (anonymized ranks)
  • Basic CISA KEV and exploitation status

Pro

Best for security teams

$599/month

$5,999/year — save $1,189

Prices in USD, inclusive of any applicable VAT/sales tax.

For security teams that need enriched exploited-vulnerability intelligence in their workflow.

  • Everything in Free
  • Pro API with full KEV enrichment
  • Confidence scoring
  • Evidence links and exploitation timelines
  • Full CVSS, EPSS, CWE, PoC, and scanner context
  • Sensor-observed summaries where available
  • Attacker Intelligence — full IPs and profiles
  • Internal use by one organization
Start Pro

Create a free account, then subscribe from your dashboard.

Enterprise

Custom

For MSSPs, MDRs, larger security teams, and organizations operationalizing exploitation intelligence at scale.

  • Everything in Pro
  • Full proprietary sensor telemetry
  • Attacker intelligence API and CSV export
  • Event-level context where available
  • Deployable virtual patches (WAF rules)
  • Webhooks and integration support
  • Client-facing use (MSSP/MDR) and redistribution rights
  • Priority support

Which Plan Should I Choose?

Choose Free if you want to monitor public exploited-vulnerability intelligence.

Choose Pro if you need enriched API data for internal security workflows.

Choose Enterprise if you need full telemetry, virtual patch workflows, webhooks, client-facing use (MSSP/MDR), or redistribution rights.

Learn more in the Free KEV Feed, API documentation, or our CISA KEV comparison.

Enterprise & MSSP

Built for Security Providers and Operational Teams at Scale

Enterprise adds raw sensor telemetry, deployable virtual patch artifacts, outbound webhooks, and MSSP redistribution options on top of Pro enrichment — for teams that need full exploitation context in production workflows.

  • Raw telemetry — per-event attacker IPs, request paths, User-Agents, and payload samples via the Enterprise API.
  • Attacker intelligence — cross-CVE attacker rankings, per-IP profiles, CSV export, and API delivery for automation.
  • Virtual patch artifacts — deployable ModSecurity, Cloudflare, and AWS WAF rule exports for active KEVs.
  • Outbound webhooks — signed JSON delivery when new exploited vulnerabilities are first attested.
  • MSSP redistribution — client-facing exploitation intelligence with licensing options for security providers.

Free vs Pro vs Enterprise

Compare delivery channels, enrichment, telemetry, and licensing at a glance.

Swipe horizontally to compare

Feature Free Pro Enterprise
Public KEV feed Yes Yes Yes
RSS feed Yes Yes Yes
Free JSON API Yes Yes Yes
Pro API Yes Yes
Evidence links Yes Yes
Confidence scoring Yes Yes
Exploitation timelines Yes Yes
CVSS / EPSS / CWE enrichment Summary Full Full
PoC and scanner context PoC/scanner context and exploit-reference metadata PoC/scanner context and exploit-reference metadata
Sensor-observed summaries Aggregate counts only Yes Yes
Attacker Intelligence UI Anonymized ranks Full IPs + profiles Full IPs + profiles
Attacker intelligence API / CSV Yes
Full proprietary sensor telemetry Yes
Virtual patch guidance Availability flag only Availability flag only Deployable WAF rules — ModSecurity, Cloudflare, AWS WAF
Webhooks Yes
Client-facing use (MSSP/MDR) Yes
Redistribution rights Yes
Priority support Yes
Pro is licensed for internal use by a single organization only. MSSP, managed service, redistribution, client-reporting, vendor, or third-party use requires Enterprise licensing.

Frequently Asked Questions

Is KEVIntel just CISA KEV?
No. KEVIntel includes CISA KEV and adds additional exploited-vulnerability intelligence, evidence links, confidence scoring, enrichment, and proprietary sensor observations where available.
Can MSSPs use Pro for client reporting?
No. Pro is for single-organization internal use. MSSP, redistribution, managed service, client reporting, or vendor use requires Enterprise.
Do virtual patches replace vendor patches?
No. Virtual patch guidance is temporary mitigation guidance designed to reduce exposure while remediation is underway. Vendor patches and official mitigations should still be applied.
Can I try the API before paying?
Yes. The Free plan includes a free JSON API key with public KEV data.
What does Pro add over Free?
Pro adds enriched exploited-vulnerability intelligence, confidence scoring, evidence links, timelines, deeper vulnerability context, PoC/scanner metadata, and API-ready fields for internal security workflows.
When should I choose Enterprise?
Choose Enterprise if you need full sensor telemetry, webhooks, virtual patch workflows, client-facing use (MSSP/MDR), redistribution rights, or custom integration support.

Operational Exploitation Intelligence at Scale

Talk to us about Enterprise telemetry, deployable virtual patches, webhooks, and MSSP redistribution — or start Pro self-serve to evaluate enriched KEV intelligence in your workflow.

Free of charge for Ukrainian 🇺🇦 organisations