License Tiers
Detailed feature matrix for Rockfish NDR license tiers.
Tier Comparison
| Feature | Basic (Free) | Professional ($99) | Enterprise ($999) |
|---|---|---|---|
| Event Rate | 10,000/min | 50,000/min | Unlimited |
| Ingest + Parquet storage | Yes | Yes | Yes |
| GeoIP enrichment | Yes | Yes | Yes |
| HTML reports | Yes | Yes | Yes |
| S3 cloud upload | Yes | Yes | Yes |
| Full documentation | Yes | Yes | Yes |
| IP reputation scoring | — | Yes | Yes |
| Basic hunt algorithms | — | Yes | Yes |
| MCP server integration | — | Yes | Yes |
| Priority email support | — | Yes | Yes |
| ML anomaly detection | — | — | Yes |
| Threat Intelligence support | — | — | Yes |
| Workflow integration support | — | — | Yes |
| Dedicated support | — | — | Yes |
Basic (Free)
Available without a license file. Provides core NDR functionality:
- Ingest + Parquet storage
- GeoIP enrichment
- HTML reports
- S3 cloud upload
- Full documentation
Limit: 10,000 events per minute.
Professional ($99)
Adds detection intelligence and AI-powered analysis:
- Everything in Basic
- IP reputation scoring
- Basic hunt algorithms
- MCP server integration
- Priority email support
Limit: 50,000 events per minute.
Enterprise ($999)
Full NDR capability:
- Everything in Professional
- ML anomaly detection
- Threat Intelligence support
- Workflow integration support
- Dedicated support
No event rate limit.
License File Format
{
"id": "rockfish_acme-corp-enterprise_Abc123",
"tier": "enterprise",
"customer_name": "Acme Corp",
"customer_email": "[email protected]",
"max_events_per_min": null,
"issued_at": "2026-01-01T00:00:00Z",
"expires_at": "2027-01-01T00:00:00Z",
"signature": "base64-encoded-ed25519-signature"
}
Licenses are verified using Ed25519 digital signatures with a public key embedded in the binary. License provenance metadata is included in every Parquet file.
Deployment Model
- Perpetual licenses on a per site basis with 12 months of software maintenance
- Runs on your VPC or on-premise
- No telemetry or phone home
- Fully air-gap capable