A company should not have to wait for a sales process before seeing whether its own credentials, cookies, or sessions have been exposed. When that first layer of visibility is gated, the security team may be forced to argue for budget before it can even show what risk exists.
Lunar takes a cleaner approach. Companies can see exposure tied to their verified domains for free, then decide whether paid response features are needed once the workload becomes clear.
The First Layer Is Knowing What Is Exposed
Before a team can decide what to reset, revoke, investigate, or escalate, it needs to know what appeared outside the organization. Guessing from internal alerts alone can leave gaps, especially when exposed access has not yet triggered suspicious activity inside company systems.
Lunar’s Community plan gives teams free visibility into exposed credentials, infostealer and breach data, stolen session cookies, and related exposure tied to verified domains. It also includes one-year historical coverage, automated classification, severity scoring, and weekly credential exposure email alerts.
Free Access Changes The Budget Conversation
Security teams often have to justify tools before they have hard evidence of the problem. That can turn credential exposure into a circular debate: the team needs visibility to prove risk, but it needs budget approval to get visibility.
Lunar breaks that loop by making the first exposure view free. A team can verify its domain, review the findings, and use actual exposure data to decide whether it needs a bigger response process.
Visibility Is Not The Same As Response Capacity
Seeing exposed access is only the first step. Once findings start arriving, the team still has to decide who owns the response, which accounts need action, whether sessions should be revoked, and whether device investigation is needed.
That is where free visibility may stop being enough. If the team has to notify employees, brief leadership, export findings, or route alerts to several people, the response workload can outgrow a basic review process.
Essential Supports The Human Handoff
Lunar Essential fits teams that need more structure around exposed-credential response. It adds unlimited asset monitoring, full access to forensic data, one-click breach notifications for exposed employees, configurable multi-recipient email alerts, reporting, dashboards, executive summaries, and multiple export formats.
Those features matter when the work no longer belongs to one security lead checking alerts. They help the team move findings to the right people, document the response, and keep stakeholders informed without rebuilding the process every time.
Professional Supports The Systems Handoff
Lunar Professional fits teams that need breach monitoring to connect with larger security operations. It adds automations, application programming interface and webhook integrations, full access to deep and dark web intelligence, AI-driven Query Builder, predefined dark web query templates, system auto-enrichments, saved queries, and alerting workflows.
That level is useful when exposure findings need to move through existing tools, recurring searches, and automated routes. It is less about seeing more screens and more about keeping breach monitoring from becoming a separate manual task.
The Upgrade Point Should Be Workload, Not Anxiety
A team should not upgrade because credential theft sounds serious. It should upgrade when the current process is creating delays, missed handoffs, repeated manual exports, reporting gaps, or too much analyst sorting.
Lunar makes that decision easier because the team can start with free evidence. If the exposure queue is manageable, Community may be enough; if the work spreads across people, systems, and reports, paid features have a clearer job.
Free Visibility Can Prevent Premature Buying
Buying a large security platform before checking actual exposure can waste budget and create a tool no one has time to use well. A smaller team may only need to know which credentials, cookies, or sessions are exposed and what should be reviewed first.
Lunar’s free tier gives that team a realistic starting point. It can see the problem first, then decide whether the next investment should support people, reporting, automation, integrations, or deeper investigation.
Advanced Features Should Remove Real Friction
Paid features earn their place when they reduce work the team is already doing by hand. Alerts, employee notifications, reports, dashboards, exports, automations, integrations, saved queries, and deeper intelligence should shorten the path from finding to action.
That keeps the decision grounded in operations instead of fear. Lunar’s paid tiers are strongest when they help the team act on exposure faster, share findings more cleanly, and connect breach monitoring to the rest of the security process.
Start With Exposure, Then Choose The Response Layer
The strongest first move is not always buying the largest plan. It is verifying the company domain, seeing what exposure exists, and using that evidence to decide what the team needs next.
Lunar gives companies that path. Start with free visibility, review the findings, identify the response burden, and add advanced features only when they solve a real workload problem.
Frequently Asked Questions
What does “free to see” mean in Lunar?
“Free to see” means organizations can use Lunar Community to view exposure connected to their verified domains without paying for the first layer of breach visibility. The free plan includes real-time credential exposure detection, infostealer and breach coverage, stolen session cookie detection, automated classification, severity scoring, and weekly credential exposure email alerts.
This gives teams a way to begin with actual exposure data instead of guessing whether company-related credentials, cookies, or sessions are already circulating outside the organization.
What does “equipped to act” mean in Lunar?
“Equipped to act” refers to the paid features that help teams turn breach visibility into a more organized response process. Lunar’s paid plans add capabilities such as full forensic data access, employee breach notifications, configurable alerts, reports, dashboards, executive summaries, export options, automations, integrations, advanced search, saved queries, and alerting workflows.
Those features are useful when exposure monitoring becomes more than one person reviewing alerts. They help teams notify, document, route, investigate, and connect findings to a larger security workflow.
How should a team decide whether to stay free or upgrade?
A team should look at exposure volume, response timing, reporting needs, and the amount of manual work created by each finding. If the queue is manageable with free visibility and internal procedures, Community may be enough for the current stage.
An upgrade makes more sense when the team needs faster alerts, multiple recipients, employee notifications, reporting, exports, integrations, automations, or deeper deep and dark web intelligence. The right plan should solve a workflow problem the team already has.








