About
What
Intrudect is a monitoring solution designed to detect network anomalies, intrusions, and significant events by analyzing server log files and packet captures. It includes a web-based configuration interface for centralized management of alerts and agents, and integrates with chat applications to deliver notifications. It is built on a modular architecture in which each component is dedicated to a specific task, so that only relevant events are logged and noise from routine or non-critical data is reduced.
See Features for more details about Intrudect's capabilities.
Why
Intrudect emerged from the real-world experiences of red team professionals. Over time, it was observed that even medium-sized organizations often lack complete visibility into their networks. Attackers can roam undetected, mapping the network, discovering services, spraying passwords (staying just below lockout thresholds), and probing internal systems. In many cases, log files are only examined after initial indicators of compromise appear.
This insight led to a simple yet effective approach: there’s no need for complex AI or machine learning to detect common signs of intrusion. Instead, monitoring for things like failed login attempts in syslog, a high number of SYN packets from a single machine, or unexpected RDP traffic can quickly flag potential issues.
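As an added illustration of the heuristics described above (example code, not part of Intrudect), the following Python flags a source that fails logins against many different accounts (spraying below a per-account lockout), a source sending bare SYNs to many host:port pairs, and RDP connection attempts from hosts outside an assumed allow-list. The syslog lines and packet summaries are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines (not real data): 10.0.0.7 tries several
# different accounts once each, staying under any per-account lockout.
SYSLOG = [
    "Mar 10 08:00:01 host1 sshd[1201]: Failed password for invalid user admin from 10.0.0.7 port 51022 ssh2",
    "Mar 10 08:00:03 host1 sshd[1203]: Failed password for root from 10.0.0.7 port 51030 ssh2",
    "Mar 10 08:00:05 host1 sshd[1205]: Failed password for bob from 10.0.0.7 port 51041 ssh2",
    "Mar 10 08:00:09 host1 sshd[1209]: Accepted publickey for alice from 10.0.0.9 port 40112 ssh2",
    "Mar 10 08:03:12 host1 sshd[1301]: Failed password for alice from 10.0.0.9 port 40120 ssh2",
]

# Constructed packet summaries (src, dst, dport, tcp_flags) standing in for a pcap.
PACKETS = [
    ("10.0.0.7", "10.0.1.5", 22, "S"), ("10.0.0.7", "10.0.1.5", 80, "S"),
    ("10.0.0.7", "10.0.1.5", 443, "S"), ("10.0.0.7", "10.0.1.6", 445, "S"),
    ("10.0.0.7", "10.0.1.6", 3389, "S"), ("10.0.0.9", "10.0.1.5", 443, "S"),
    ("10.0.0.9", "10.0.1.5", 443, "A"), ("10.0.0.20", "10.0.1.6", 3389, "S"),
]

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def password_spray_sources(lines, min_distinct_users=3):
    """Sources whose failed logins span many *different* accounts; this catches
    spraying that never trips a per-account lockout threshold."""
    users = defaultdict(set)
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            users[m.group(2)].add(m.group(1))
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_distinct_users}

def syn_scanners(packets, min_syns=5):
    """Sources sending bare SYNs (flags exactly 'S') to many distinct host:port pairs."""
    targets = defaultdict(set)
    for src, dst, dport, flags in packets:
        if flags == "S":
            targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_syns}

def unexpected_rdp(packets, allowed_sources):
    """SYNs to TCP/3389 from hosts not on the allow-list (assumed jump hosts)."""
    return sorted({(src, dst) for src, dst, dport, flags in packets
                   if dport == 3389 and flags == "S" and src not in allowed_sources})
```

The thresholds and the allow-list are assumptions to be tuned per environment; in practice the counts would be kept per time window rather than over the whole input.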
What about other products
While many open-source tools can deliver strong results when extensively customized with rules and scripts, the idea here is to provide something that works out of the box — with centralized configuration, web-based event handling, and streamlined alerting to chat platforms.
Using it together with Arkime or Security Onion is often the best approach.