Optimal Premium Upgrade Setup
π‘ Why Organize Before Upgrading?β
Premium upgrades apply to an entire Organization. You may not want Premium features for all environmentsβtypically only Production needs extended retention, higher quotas, and advanced protection.
By organizing your Security Engines before upgrading, you save costs and keep your infrastructure organized.
Common Multi-Environment Setupβ
Most teams have a mix of environments with different security requirements:
π₯ Production Environmentsβ
Needs Premium:
- Extended alert retention (12 months)
- Higher alert quotas (millions/month)
- Organization-wide blocklists
- CTI API access for SIEM integration
- Threat Forecast blocklists
- Multi-seat team access
π§ͺ Dev / Test / Stagingβ
Community is sufficient:
- Basic alert monitoring (500/month)
- Short retention (2 months)
- Community blocklists (3k IPs)
- Individual engine management
- Single-user access
Recommended Setup Strategyβ
1οΈβ£ Create Production Organizationβ
Create a new organization specifically for your Production environment.
Community accounts get 1 extra organization for free (beyond your Personal Account).
2οΈβ£ Organize Your Enginesβ
- Personal Account: Keep Dev/Test/Staging engines here (Community tier)
- Production Org: Transfer Production engines to the new organization
You can transfer engines in two ways:
- Console: Transfer feature
- CLI: Re-enroll with
cscli
using--overwriteflag
3οΈβ£ Upgrade Production Onlyβ
Upgrade only the Production organization to Premium.
Your Dev/Test/Staging environments remain on Community tier with no additional cost.
β Alerts reappear in the new organization within minutes
Step-by-Step: Splitting Your Enginesβ
Option 1: Transfer via Console UIβ
Best for: Quick transfers of individual or small batches of engines
- Navigate to Security Engines page in Console
- Select the engine(s) you want to transfer
- Use the Transfer feature to move them to your Production organization
- Confirm the transfer
Option 2: Re-enroll via cscliβ
Best for: Bulk transfers, automation, or infrastructure-as-code deployments
# Get enrollment key from your Production organization
# Console β Organizations β Production β Enrollment Keys
# Re-enroll the Security Engine with --overwrite flag
cscli console enroll <ENROLLMENT_KEY> --overwrite
The --overwrite flag forces the engine to move to the new organization, even if already enrolled elsewhere.
Example Organizational Structureβ
Before Organizing (All in Personal Account):
- 10 Production servers (web, API, database)
- 5 Staging servers
- 3 Dev laptops
After Organizing:
Personal Account (Community - Free):
- 5 Staging servers
- 3 Dev laptops
Production Organization (Premium - Paid):
- 10 Production servers
- Full Premium features
- Team collaboration with 3 seats
- Extended retention and quotas
Benefits of This Approachβ
Cost Optimization
Only pay for Premium where you need it. Dev/Test environments remain free on Community tier.
Clear Separation
Production and non-production environments are cleanly separated, reducing noise and improving security posture visibility.
Flexible Scaling
Add more organizations later (MSPs can create unlimited orgs). Start simple, expand when required.
No Downtime
Alerts reappear in new organization within minutes. No disruption to security monitoring.
When NOT to Separateβ
You may want all engines in a single Premium organization if:
- You need extended retention across all environments for compliance
- Your team investigates attacks in staging/dev environments regularly
- You want centralized allowlists and blocklists everywhere
- You're an MSP managing multiple client environments (use Multi-Organization instead)
Next Stepsβ
Ready to upgrade?β
- Organize your Security Engines across Personal Account and Production Organization
- Upgrade the Production organization to Premium
- Test Premium features during your trial period (Testing Guide β)
