Kvlar RADAR
Agent
observability.
Real-time observability and anomaly detection for AI agents. Know what your agents are doing, detect abnormal behavior, investigate incidents, and export to your SIEM. The agent security analytics layer.
Pricing
Pick your plan.
Community
For individuals exploring agent observability.
- Agents3
- Events / month10K
- Data retention7 days
- DashboardsBasic
- Anomaly detection—
- AlertsEmail
Pro
For teams shipping agents with observability built in.
- Agents10
- Events / month100K
- Data retention30 days
- DashboardsFull
- Anomaly detectionStatistical
- AlertsEmail + Slack
- InvestigationsBasic
Team
For security teams that need detection, investigation, and SIEM integration.
- Agents50
- Events / month1M
- Data retention90 days
- DashboardsCustom
- Anomaly detectionML-based
- AlertsAll channels
- InvestigationsFull
- SIEM exportSplunk, Datadog, Elastic
- SupportPriority (8h)
Enterprise
For organizations with advanced detection and compliance needs.
- AgentsUnlimited
- Events / monthUnlimited
- Data retention1 year+
- DashboardsWhite-label
- Anomaly detectionCustom models
- AlertsAll + custom
- InvestigationsFull + playbooks
- SIEM exportAll + custom formats
- SSO / SAMLIncluded
- SLA99.99%
- Compliance reportsIncluded
Bundle & Save — SHIELD + RADAR
Pro Bundle
$89/mo
Save $19/mo vs. separate plans
Team Bundle
$399/mo
Save $49/mo vs. separate plans
Enterprise Bundle
Custom
Volume discount for full platform
Capabilities
What RADAR
sees.
SHIELD enforces policies. RADAR observes everything else. Behavioral baselines, anomaly detection, investigation workflows, and SIEM integration for the security team that needs to know what agents are actually doing.
Behavioral baselines
RADAR builds per-agent behavioral profiles from historical data. Tool usage frequency, resource patterns, timing distributions, and denial rates.
Anomaly detection
Statistical and ML-based detection of behavioral deviations. Spikes, drifts, new resources, unusual timing, and denial surges — with confidence scores.
Investigation workflows
When anomalies fire, security teams need investigation tools. Timelines, related events, root cause analysis, and remediation tracking.
SIEM integration
Export agent security events to Splunk, Datadog, Elastic, or any webhook. CEF, JSON, and syslog formats supported.
Real-time dashboards
Event volume charts, anomaly heatmaps, agent activity streams, and denial rate trends. Live view of your entire agent fleet.
Alert routing
Route high-confidence anomalies to Slack, PagerDuty, email, or webhook. Configurable severity thresholds and cooldown periods.
Comparison
Full feature
breakdown.
| Feature | Community | Pro | Team | Enterprise |
|---|---|---|---|---|
| Usage | ||||
| Agents | 3 | 10 | 50 | Unlimited |
| Events / month | 10K | 100K | 1M | Unlimited |
| Data retention | 7 days | 30 days | 90 days | 1 year+ |
| Observability | ||||
| Event ingestion API | ||||
| Real-time dashboards | ||||
| Custom dashboards | ||||
| Agent behavioral baselines | ||||
| Event volume charts | ||||
| Detection & Response | ||||
| Statistical anomaly detection | ||||
| ML anomaly detection | ||||
| Custom anomaly models | ||||
| Investigation workflows | ||||
| Investigation playbooks | ||||
| Cross-agent correlation | ||||
| Integrations & Alerting | ||||
| Email alerts | ||||
| Slack alerts | ||||
| PagerDuty / webhook alerts | ||||
| Splunk export | ||||
| Datadog export | ||||
| Elastic export | ||||
| Custom SIEM format | ||||
| Support & Compliance | ||||
| Community support | ||||
| Email support | ||||
| Priority support | ||||
| Dedicated support | ||||
| SLA | — | — | 99.9% | 99.99% |
| Compliance reports | ||||
| SSO / SAML | ||||
FAQ
Common
questions.
How does RADAR relate to SHIELD?
SHIELD is about control — policies, enforcement, and governance. RADAR is about visibility — observability, anomaly detection, and investigation. They share the same event data and are designed to work together, with bundle pricing for organizations that need both.
What events does RADAR ingest?
RADAR ingests audit events from the Kvlar SDK proxy and SHIELD. Every tool call, policy decision, and resource access is captured with full context: agent ID, action, resource, outcome, parameters, timing, and environment.
How does anomaly detection work?
RADAR builds behavioral baselines per agent from 7+ days of historical data. It tracks tool usage frequency, resource access patterns, timing distributions, and denial rates. When current behavior deviates significantly from the baseline, an anomaly is flagged with a confidence score.
Can I use RADAR without SHIELD?
Yes. RADAR ingests events directly from the Kvlar SDK proxy via API. SHIELD is not required. However, organizations using both get a unified control-and-observe platform with bundle pricing.
Which SIEMs are supported?
Team and Enterprise plans support export to Splunk (via HEC), Datadog (via API), and Elasticsearch (via bulk API). Webhook and syslog export are also available for any custom endpoint.
What happens if I exceed my event limit?
Events above your plan limit are queued. You'll get a notification and a 7-day grace period to upgrade. No data is lost during the grace period.
See what your agents
are really doing.
Start with the free Community tier. Get full observability with Pro. Add ML detection and SIEM integration with Team.