SecOps SIEM Sizing Calculator
Estimate your daily log ingestion volume, recommended SecOps tier, and monthly cost before you commit to a deployment. Figures are indicative — actual volumes depend on your logging verbosity configuration and SecOps contract terms.
Infrastructure
Application Categories
Enter the number of instances/nodes per category (0 if not applicable)
Estimate
Daily Ingestion
6.6 GB/day
Standard tier range (≤100 GB/day)
Recommended Tier
SIEM + SOARSecOps Standard
SIEM + SOAR platform. No curated detections included — customers bring their own detection rules. Supports custom threat intelligence feeds (STIX/TAXII, CSV). Best for organisations with a mature detection engineering team.
Storage Cost Estimate
Chronicle ingestion pricing is contract-based and depends on volume commitment, tier, and region. Storage costs above are indicative (~$23/TB/month Coldline equivalent). Contact Google Cloud or a partner for a full licence quote.
2.35 TB stored over 365 days at 6.6 GB/day
Volume Breakdown
Need a detailed sizing report?
We'll review your architecture, validate log sources, and produce a SecOps deployment plan with accurate cost modelling.
SecOps Tier Comparison
| Capability | Standard SIEM + SOAR | Enterprise + Google Threat Intel | Enterprise+ + Mandiant Intel |
|---|---|---|---|
| SecOps SIEM | ✓ | ✓ | ✓ |
| SecOps SOAR | ✓ | ✓ | ✓ |
| Custom YARA-L rules | ✓ | ✓ | ✓ |
| Bring-your-own threat intel | ✓ | ✓ | ✓ |
| Curated detection rules | – | ✓ | ✓ |
| Google Threat Intelligence | – | ✓ | ✓ |
| Applied Threat Intel matching | – | ✓ | ✓ |
| Mandiant Threat Intelligence | – | – | ✓ |
| Mandiant Advantage profiles | – | – | ✓ |
| Zero-day & vuln intelligence | – | – | ✓ |
Pricing is usage-based and contract-negotiated with Google Cloud. Contact us for a detailed quote.