Enterprise / MSSP Tier $499 / mo per deployment
For MSSPs, regulated enterprises, and government / critical-infrastructure operators. Public self-checkout at $499 / mo per deployment (or $4,990 / yr per deployment) under Intreys standard Terms of Use — a single multi-tenant install with unlimited internal tenants and users. Includes everything in Team plus multi-tenant case isolation, OIDC + SCIM 2.0 provisioning, tamper-evident audit logging, compliance mapping, customer-managed keys, white-label, and on-prem support. SAML 2.0 SSO is available as a controlled preview on request.
What you unlock
| Feature | Team | Enterprise / MSSP |
|---|---|---|
| Multi-tenant case isolation | — | Yes |
| SCIM 2.0 user / group provisioning | — | Yes |
| SSO | OIDC | OIDC + SCIM 2.0 (SAML 2.0 SSO by request — enterprise preview) |
| Tamper-evident audit logging | — | Yes |
| Compliance mapping | — | NIST 800-53, PCI DSS, HIPAA |
| Customer-managed keys (CMEK / BYOK) | — | Yes |
| Air-gapped / on-prem deployment | — | Supported |
| White-label branding | — | Yes |
| Custom MSA / DPA / BAA, custom SLA, 24×7 | — | Optional via Contact Sales |
| Standard support | 24-hour email SLA | Priority email support |
Multi-tenant isolation
Each customer engagement maps to its own tenant boundary with strict row-level isolation across captures, findings, comments, and audit records. Tenant administrators get a per-tenant role model (admin / analyst / viewer / read-only auditor) without leaking metadata across tenants. Suitable for MSSPs running concurrent customer engagements on shared infrastructure, or regulated operators separating production and exercise environments.
SCIM 2.0 user / group provisioning
Provisioning uses the System for Cross-domain Identity Management protocol (RFC 7644), so your IdP is the source of truth. Supported endpoints:
- /scim/v2/Users — create, read, update, deactivate
- /scim/v2/Groups — group membership drives role assignment
- Token-based authentication on the SCIM endpoint, separate from the OIDC client
- Tested IdPs: Okta, Microsoft Entra ID, JumpCloud
SAML 2.0 single sign-on (enterprise preview)
OIDC is the production-grade SSO path for Enterprise / MSSP. SAML 2.0 SSO is offered as a controlled preview — we enable it per tenant after a short deployment review so we can capture IdP metadata, role mapping, and rollback expectations together.
- Group-attribute-driven role mapping (admin / analyst / viewer / auditor)
- OIDC remains supported in parallel for the same tenant
- Tested IdPs: Okta, Microsoft Entra ID, JumpCloud (additional IdPs on request)
To request SAML preview access, email [email protected].
Tamper-evident audit logging
All security-relevant operations (login, role change, capture import, finding mutation, export, license change, tenant administration) are emitted to an append-only audit log with hash-chained entries. Each record includes a SHA-256 link to the previous record so any in-place modification is detectable.
- Local audit log under ~/.intreys/audit/ with daily rotation
- Optional external sink: Splunk HEC, Syslog RFC 5424 with TLS, S3 object-lock
- Periodic chain-integrity self-check; failure raises a high-severity alert
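How a SHA-256 hash chain makes in-place edits detectable, as an added example that is not Intreys code and does not reflect its record format. The field names (`seq`, `ts`, `actor`, `event`, `prev_hash`, `hash`), the canonical-JSON encoding, and the all-zero genesis value are assumptions made for illustration.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed "previous hash" for the first record


def record_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append(log: list, ts: str, actor: str, event: str) -> dict:
    """Append a record whose prev_hash links to the current chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "actor": actor, "event": event,
            "prev_hash": prev}
    entry = dict(body, hash=record_hash(body))
    log.append(entry)
    return entry


def verify(log: list, expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first record that breaks the chain,
    len(log) if the final hash differs from an externally stored head,
    or None if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry.get("seq") != i or entry.get("prev_hash") != prev
                or entry.get("hash") != record_hash(body)):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None


def build_sample() -> list:
    """Constructed sample events, not real product output."""
    log: list = []
    append(log, "2024-01-01T09:00:00Z", "alice", "login")
    append(log, "2024-01-01T09:05:00Z", "alice", "role_change:bob->admin")
    append(log, "2024-01-01T09:10:00Z", "bob", "export:case-17")
    return log
```

The chain by itself does not reveal removal of trailing records; comparing the final hash against a head value kept outside the log (the `expected_head` argument here) does.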
Compliance mapping
Findings can be cross-referenced against control frameworks during reporting:
- NIST 800-53 Rev. 5 — AC, AU, IA, IR, SC families mapped to relevant detection logic
- PCI DSS v4.0 — Requirements 1, 2, 6, 8, 10, 11 mapped to network and authentication findings
- HIPAA Security Rule — technical safeguards (164.312) mapped to access, audit, and transmission detections
Compliance mappings appear in exported PDF and DOCX reports under the per-finding evidence section.
Customer-managed encryption keys (CMEK / BYOK)
Bring your own key for at-rest encryption of capture artifacts and audit records. Supported backends:
- AWS KMS (customer-managed CMK)
- Azure Key Vault
- Google Cloud KMS
- HashiCorp Vault transit engine
- PKCS#11 HSM (on-prem)
Air-gapped / on-prem deployment
Intreys can be deployed entirely without outbound internet:
- Offline license activation via signed bundle (no Cloudflare round-trip)
- Bundled threat-intel snapshots; manual refresh from a sealed feed
- Local LLM (Ollama) only; cloud AI providers can be hard-disabled
- Container images and the desktop binary signed with our release key
White-label branding
For MSSPs delivering reports to customers:
- Replace logo, primary color, and report cover page
- Custom report footer text (engagement number, customer name)
- Tenant-scoped: each MSSP customer can carry its own brand
Support
- Priority email support included at the standard list price
- Security advisories delivered under embargo before public disclosure
- 24×7 phone / chat support, named escalation contacts, dedicated CSM, quarterly reviews, and a contractual uptime SLA are available as an optional add-on under a custom support agreement — see below
Buy Enterprise / MSSP
Enterprise / MSSP is sold through public Stripe checkout at $499 / mo per deployment (or $4,990 / yr per deployment) under Intreys standard Terms of Use. One license covers a single multi-tenant install with unlimited tenants and users.
Custom contract terms
Self-checkout does NOT imply any custom contract terms by default. If you need any of the following, contact sales for a separate written agreement that layers on top of your subscription:
- Volume / committed-seat pricing
- Procurement / PO / ACH workflows in place of card billing
- Negotiated MSA, DPA, and (for healthcare engagements) BAA
- Custom SLA (response, resolution, uptime)
- 24×7 phone / chat support and dedicated escalation contacts
- Onboarding / deployment help, dedicated CSM
- Air-gapped / on-prem deployment support contract
- Customer-managed key (BYOK / CMEK) commitments
- Government / public-sector terms
- MSSP / reseller / OEM agreements