ThreatCluster's MSSP tier is multi-tenant from the database up. Customers are first-class records, each with their own feeds, alert rules, webhooks, scheduled digests, and branded PDF reports. Same product, the multi-customer plumbing turned on.
Three things distinguish a real MSSP product from "Business with a customer field added". Everything below ships today.
Each client gets a record with name, domain, contact email, free-text notes, and a logo. Everything that needs to be scoped to that client — feeds, alerts, webhooks, digests, reports — keys off it.
Daily, weekly, or monthly digests for each client, tied to a feed you've set up for them. Recipients are configurable per digest, and an optional AI prompt biases the output toward what that client cares about. Healthcare wants HIPAA enforcement, logistics wants maritime CVEs. Same engine, different output.
The report generator takes a brand name and logo on export. Pair that with the customer's uploaded logo and the rendered PDF carries their identity, not yours. Same scoring, same entities, same source links. Output you send as the deliverable.
Org-scoped feeds, alert rules, and webhooks under the hood. The MSSP layer extends that with customer records that aren't tied to a sign-up, so you can run a customer's pipeline without them ever logging in. Per-org alerts route to the client's SIEM, Slack, or ticketing — not yours.
Everything in the dashboard is in the API: customer records, digests, feeds, alert rules, workflows. Pull a per-client threat list into your existing reporting tooling, sync customer state from your billing system, automate onboarding with the baseline alert rules and feeds you'd otherwise click through.
If you serve more than one client, Business doesn't have the plumbing for it — no customer record, no per-customer digest, no branded report. MSSP is the same product with that layer turned on.
Full tier limits and side-by-side feature matrix on /pricing.
The full MSSP-tier capability matrix. No asterisks, no "coming soon". Every row below ships today.
| Feature | MSSP |
|---|---|
| Intelligence | |
| Cluster Views | Unlimited |
| Entity Views | Unlimited |
| Smart Analysis (summary, impact, technical, response) | Yes |
| Threat Scoring (0–100, four sub-scores) | Yes |
| Attack Flows (CTID Attack Flow v3) | Yes |
| D3FEND Countermeasures | Yes |
| CWE Extraction | Yes |
| Public Exploit Tracking (Sonar) | Yes |
| Sub-Article Link Enrichment | Yes |
| X / Twitter Intelligence | Yes |
| Rising Threats (Explore) | Yes |
| Dark Web | |
| Ransomware Leak-Site Tracking | Yes |
| Credential Market Monitoring | Yes |
| Underground Forum Monitoring | Yes |
| Breach Matching | Yes |
| Company Domain Monitoring | Multi-customer |
| Exposure Management | |
| Per-Customer Asset Inventory | Yes |
| Asset Connectors (Tenable, Defender, CrowdStrike) | Yes |
| Bulk Upload (CSV / JSON) and API Asset Push | Yes |
| CISA SSVC Ranking | Yes |
| Asset Tagging (internet-facing, crown-jewel, isolated) | Yes |
| Threat Hunting | |
| Industry Threat Models (17 sectors) | Yes |
| Hunting Queries (KQL, SPL, Lucene) | Yes |
| Hunt Playbooks | Yes |
| ATT&CK Navigator Export | Yes |
| Diamond Model View | Yes |
| IOC Watchlist Export | Yes |
| Feeds & Alerts | |
| Personalised Threat Digest | Per customer |
| Custom Feeds | Unlimited |
| Tracked Interests | Unlimited |
| Alert Rules | Unlimited |
| Webhooks | Unlimited |
| RSS Feed | Yes |
| MISP Feed | 50 events |
| Scheduled Reports | Yes |
| Workflows | |
| Visual Workflow Editor | Yes |
| Workflows | Unlimited |
| Triggers (cluster, CVE threshold, entity, KEV) | Yes |
| Actions (webhook, Slack, Teams, email, ticket, AI summary) | Yes |
| Dry-Run Against Historical Data | Yes |
| Per-Workflow Audit Log | Yes |
| Reporting | |
| Reports / day | Unlimited |
| Notion-Style Editor | Yes |
| Dynamic Content Blocks (live data on every render) | Yes |
| White-Labelled Reporting | Per customer |
| Scheduled Delivery (daily / weekly / monthly / quarterly) | Yes |
| PDF / HTML / Markdown Export | Yes |
| Public Shareable URL | Yes |
| Theming (dark / light, colours, fonts, logo) | Yes |
| MSSP | |
| Multi-Customer Scoping | Yes |
| Customer Portal (read-only client view) | Yes |
| Aggregate MSSP Dashboard | Yes |
| Customer-Scoped Alert Routing | Yes |
| Custom Feature Development | Yes |
| AI Assistant | |
| Ask AI (per-cluster) | 99 / day |
| Cluster AI (global search) | Unlimited |
| Report AI inserts | Unlimited |
| Inline Source Citations | Yes |
| Collections & Tags | |
| Collections | Unlimited |
| Items per collection | 500 |
| Tags | Unlimited |
| Team Sharing with Roles | Yes |
| IOC Exports | |
| TXT / CSV / JSON | Yes |
| STIX 2.1 Bundles (TLP-marked) | Yes |
| Bulk IOC Export (confidence / type / time filters) | Yes |
| Integrations | |
| REST API | Higher limits |
| tc CLI | Yes |
| Agent Tool Surface | Yes |
| SIEM Ingestion (Splunk, Sentinel, Elastic, OpenSearch) | Yes |
| SOAR / Ticketing (webhook routing) | Yes |
MSSP pricing is per managed customer. No minimum, no cap. Add a customer when you win the contract, remove them when you don't.
Tell us how many clients you serve, what they expect from a weekly brief, and what their stack looks like. We'll set up a working environment, not a sandbox demo.