Test Premium Value in Your Environment

🧪 Measure Premium Value During Your Trial

Before exploring all Premium features, use this guide to measure and experience the value in your environment. These practical tests help you assess the concrete benefits of Premium during your trial period.

---

🎯 Test 1: Measure Improved Protection

What to Activate

Premium protection features are automatically enabled when you upgrade:

• Community Blocklist (Premium): Automatically sent to enrolled engines (50k IPs vs 3k)
• Threat Forecast Blocklist: Generated automatically from your organization's shared signals
• Premium Tier Blocklists: Subscribe to unlimited specialized blocklists
• Remediation Sync: Propagate decisions across all Security Engines
• Am I Under Attack: Get alerted on traffic surges

📊 Metric 1: Remediation Ratio

How to measure: Check your Console dashboard for proactive vs reactive blocking ratio.

Expected result: 2× more proactive blocking (blocklist hits vs real-time decisions)

💻 Metric 2: Server Resources

How to measure: Monitor CPU, memory, and bandwidth usage on your Security Engines before and after.

Expected result: 75-92% reduction in malicious traffic reaching your servers

📝 Metric 3: Log Volume

How to measure: Check your SIEM or log aggregator for alert volume changes.

Expected result: Cleaner logs, reduced alert fatigue, fewer false positives

Quick Test: Background Noise Filtering

Enable Background Noise Filtering (Low/Medium/High) and compare your alert dashboard before/after. You should see 75-92% fewer scanner and crawler alerts within 24 hours.

24h

to see results

75-92%

noise reduction

Learn more →

---

👥 Test 2: Enable Team Collaboration

What to Activate

Enable team features to see collaboration improvements:

• Multi-Seat Access: Invite team members (view/edit/admin roles)
• Extended Alert Retention: 365 days of historical data (vs 60 days)
• Increased CTI Quotas: 100 IP lookups/week (vs 30)
• Push Notification Integrations: Slack, PagerDuty, webhooks

Test: Long-Term Trend Analysis

365 days

Access your Console's Alerts page and analyze attack patterns over the past year. Look for recurring threats, seasonal patterns, or evolving attack vectors. This is impossible with Community's 60-day retention.

Learn more →

Test: CTI Investigation Workflow

100 lookups/week

Investigate suspicious IPs directly in the Console. View complete profiles: reputation, behavior, fingerprint, MITRE ATT&CK mappings. Perfect for incident response workflows without leaving the Console.

Test: Simultaneous Access

3+ seats

Have multiple team members work in the Console at the same time. Test concurrent operations: one person investigates alerts, another manages allowlists, a third reviews metrics. No access conflicts.

Learn more →

Test: Alerting Integration

Real-time

Connect your Slack or PagerDuty account and test notifications when a Security Engine goes offline or becomes outdated. Verify your team receives alerts in their existing tools.

Learn more →

Expected Results:

• ⚡ Faster incident investigations (direct CTI access in Console)
• 🔍 Better threat attribution (1-year retention for pattern analysis)
• 🤝 Reduced tool sprawl (team works in one place)
• 📢 Proactive alerting (issues detected before users complain)

---

🏢 Test 3: Scale for MSPs & Enterprises

What to Activate

Test multi-tenant and automation capabilities:

• Multi-Organization: Create separate organizations for each client/environment
• Service API (SAPI): Automate console management
• Blocklist Creation & Sharing: Distribute custom threat intel via API
• Auto Enroll: Zero-touch engine enrollment

Test: Multi-Tenant Isolation

100% isolated

Create 2-3 test organizations for different clients. Verify complete data isolation: each org sees only its engines, alerts, and decisions. Test switching between orgs from a single account.

Test: Custom Blocklist via APIAPI

API-driven

Use SAPI to create a custom blocklist with 10-20 IPs from your SIEM. Subscribe multiple organizations to it. Verify the IPs are blocked across all client environments within minutes.

Learn more →

Test: Automated Enrollment

Zero-touch

Enable Auto Enroll, then deploy a new Security Engine with your org's enrollment key. It should automatically join your organization without manual approval. Perfect for Terraform/Ansible/K8s deployments.

Test: Decision Management via APIAPI

Programmatic

Use SAPI to add/remove decisions from the Console. Test forcing a blocklist pull after subscription. Integrate this into your incident response playbooks or SOAR platform.

Learn more →

Expected Results:

• 🏗️ Clear tenant isolation (one org per client)
• 🤖 Streamlined multi-customer operations (API automation)
• 📊 Custom visibility per client (each org has its own dashboard)
• ⚙️ Infrastructure-as-code ready (zero-touch enrollment)

---

🎓 Recommended Trial Timeline

Week 1: Protection

• Enable all blocklists
• Activate Background Noise
• Turn on Remediation Sync
• Measure baseline metrics

Week 2: Team

• Invite team members
• Test CTI lookups
• Configure push notifications
• Analyze historical trends

Week 3: Scale

• Create test organizations
• Test SAPI endpoints
• Try Auto Enroll
• Custom blocklist sharing

Week 4: Review

• Compare metrics vs Week 1
• Document value realized
• Plan production rollout
• Prepare upgrade decision

---

💡 Need Help Testing?

Questions about your trial?

Our team can help you set up proper testing and measure the value in your specific environment.

Contact SupportView All Features →