Community
For solo practitioners and curious teams.
Free
- Tenancy
- Shared, sandboxed
- Users
- 1 user
- Cases
- 25 active cases
- Standard incident playbooks
Pricing
Plans that match how your team scales
From a free sandbox to a regulated dedicated tenant. All tiers ship with the co-ordination workspace at the centre — features unlock as your programme grows.
Standard
For growing security teams ready to consolidate co-ordination.
$87/ month
Billed annually at NZD $1,044/yr
- Tenancy
- Shared multi-tenant
- Users
- Unlimited users
- Cases
- Unlimited active cases
- Standard incident playbooks
- Exposure management playbooks
- OAuth SSO (Microsoft 365 / Google)
Professional
The full co-ordination stack — recommended for most teams.
$399/ month
Billed annually at NZD $4,788/yr
- Tenancy
- Shared multi-tenant
- Users
- Unlimited users
- Cases
- Unlimited active cases
- Everything in Standard
- CTI workbench (threat intel + personas)
- Post-incident reporting
- Trends & metrics dashboards
- GRC content library (policies, standards, procedures)
- Simulations / Exercise mode
- Integrations
- SAML 2.0 SSO
Enterprise
For regulated organisations with board-level reporting needs.
POA$30K – $120K+/ year (typical)
Price on application
- Tenancy
- Dedicated tenant
- Users
- Unlimited users
- Cases
- Unlimited active cases
- Everything in Professional
- Incident governance (committees, attestation flows, audit, board reporting)
- SAML + SCIM provisioning
- Dedicated single-tenant deployment
All prices in NZD, excluding GST. Annual billing. Enterprise pricing scoped to your tenancy size, integration set and governance requirements — typically NZD $30K–$120K+ per year.
Compare plans
Side by side, feature by feature
| Feature | Community | Standard | Professional | Enterprise |
|---|---|---|---|---|
| Tenancy & access | ||||
| Tenancy | Shared, sandboxed | Shared multi-tenant | Shared multi-tenant | Dedicated tenant |
| Users | 1 | Unlimited | Unlimited | Unlimited |
| Active cases | 25 active | Unlimited | Unlimited | Unlimited |
| Workspace | ||||
| Standard incident playbooks | Included | Included | Included | Included |
| Exposure management playbooks | Included | Included | Included | |
| CTI (threat intel + personas) | Included | Included | ||
| Post-incident reporting | Included | Included | ||
| Trends & metrics dashboards | Included | Included | ||
| Content & exercises | ||||
| GRC content library | Included | Included | ||
| Simulations / Exercise mode | Included | Included | ||
| Integrations | Included | Included | ||
| Identity & governance | ||||
| SSO | OAuth (M365/Google) | SAML 2.0 | SAML + SCIM | |
| Incident governance | Included | |||
Common questions
How does Cyber Toolbox differ from a ticketing system?
Tickets are records of work. Cases are workspaces. A case workspace pulls policies, playbooks, comms timers, regulatory clocks, evidence, RASCI, external invitees and an immutable activity log into a single surface — so co-ordination cost is close to zero.
Do you replace our SIEM, EDR or vulnerability scanner?
No. Cyber Toolbox is the co-ordination layer above your detection and discovery tooling. Findings flow in via integrations; what you do about them is what we improve.
What about data residency?
Enterprise plans run on a dedicated tenant we deploy in your preferred region. Standard and Professional are multi-tenant in Aotearoa today; we're happy to talk options.
Can we customise the playbooks and procedures?
Yes — every artefact in the GRC content library is yours to fork. We seed the library; you own your copies from day one. The version is recorded against every case that uses it.
Do you support tabletop exercises?
Yes. Simulations / Exercise mode runs cases against the same playbooks and activity log as live response, but tagged so they stay out of programme metrics. The after-action report uses the same PIR template.
How long until we're live?
Community is instant. Standard and Professional onboard in days. Enterprise depends on the deployment topology and the integrations — typically 4–8 weeks.
Want a guided walkthrough of the right plan?
Book a 30-minute call. We'll scope the tenancy, integration and feature set against the way your team actually runs.