About
What
Intrudect is a monitoring solution designed to detect network anomalies, intrusions, and other significant events using data from server log files and packet capture. It provides a web-based configuration interface for centralized management of alerts and agents, and integrates directly with chat applications to deliver notifications. It is built on a modular architecture in which each component handles one specific task, so that only important events are recorded rather than the clutter of routine data.
Why
Intrudect emerged from the real-world experiences of red team professionals. Over time, they observed that even medium-sized organizations often lack complete visibility into their networks. Attackers can roam undetected, mapping the network, discovering services, spraying passwords (staying just below lockout thresholds), and probing internal systems. In many cases, log files are only examined after initial indicators of compromise appear.
This insight led to a simple but effective approach: there is no need for complex AI or machine learning to detect the common signs of an intrusion. Instead, watching for things like a burst of failed login attempts in syslog, a high number of SYN packets from a single host to many ports or machines, or RDP traffic where none is expected can quickly flag potential problems.
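The three signals named above (failed logins in syslog, SYN fan-out from one host, RDP where none is expected) are simple enough to express as counting rules. What follows is an added example, not Intrudect's own code or configuration: three small rule-based detectors run over constructed sample data. The sshd log lines, the packet summaries, the allow-list of RDP clients and every threshold (time window, minimum number of accounts, assumed lockout value, minimum number of SYN targets) are assumptions chosen for illustration, not Intrudect defaults.

```python
"""Rule-based detectors of the kind the text describes (added example, not
Intrudect code). All sample data and thresholds below are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog lines in the BSD format sshd emits on Linux.
SAMPLE_SYSLOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for alice from 10.0.0.7 port 51022 ssh2
Mar  3 10:00:04 web01 sshd[2103]: Failed password for bob from 10.0.0.7 port 51023 ssh2
Mar  3 10:00:08 web01 sshd[2105]: Failed password for invalid user admin from 10.0.0.7 port 51024 ssh2
Mar  3 10:00:12 web01 sshd[2107]: Failed password for carol from 10.0.0.7 port 51025 ssh2
Mar  3 10:00:15 web01 sshd[2109]: Failed password for dave from 10.0.0.7 port 51026 ssh2
Mar  3 10:00:17 web01 sshd[2111]: Failed password for erin from 10.0.0.7 port 51027 ssh2
Mar  3 10:01:30 web01 sshd[2120]: Failed password for alice from 192.168.1.20 port 40000 ssh2
Mar  3 10:01:40 web01 sshd[2121]: Failed password for alice from 192.168.1.20 port 40001 ssh2
Mar  3 10:01:55 web01 sshd[2122]: Accepted password for alice from 192.168.1.20 port 40002 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_failed_logins(text, year=2024):
    """Yield (timestamp, user, src_ip) for every sshd 'Failed password' line.
    BSD syslog carries no year, so one is supplied (assumption)."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["src"]


def password_spray(text, window_s=300, min_users=5, lockout=3):
    """Flag a source that fails against >= min_users distinct accounts inside
    window_s seconds while keeping every account below the (assumed) lockout
    threshold: the 'stay just under lockout' pattern. Returns {src: [users]}."""
    by_src = defaultdict(list)
    for ts, user, src in sorted(parse_failed_logins(text)):
        by_src[src].append((ts, user))
    alerts = {}
    for src, items in by_src.items():
        for i, (t0, _) in enumerate(items):  # slide the window over each start
            per_user = defaultdict(int)
            for t, u in items[i:]:
                if (t - t0).total_seconds() <= window_s:
                    per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) < lockout:
                alerts[src] = sorted(per_user)
                break
    return alerts


# Constructed packet summaries: (src_ip, dst_ip, dst_port, tcp_flags). A real
# deployment would derive these from a capture; here they are literals.
SAMPLE_PACKETS = [
    ("10.0.0.7", f"10.0.1.{i}", p, "S") for i in range(1, 6) for p in (22, 80, 443, 445, 3389)
] + [
    ("192.168.1.20", "10.0.1.1", 443, "S"),   # a normal handshake...
    ("192.168.1.20", "10.0.1.1", 443, "A"),
    ("192.168.1.20", "10.0.1.1", 443, "PA"),
    ("192.168.1.30", "10.0.1.2", 3389, "S"),  # RDP from an allowed jump host
]


def syn_scan(packets, min_targets=20, max_ack_ratio=0.1):
    """Flag sources whose bare SYNs fan out to many distinct (dst, port) pairs
    with almost no follow-up ACKs. Returns {src: number_of_targets}."""
    syn_targets, acks = defaultdict(set), defaultdict(int)
    for src, dst, dport, flags in packets:
        if flags == "S":
            syn_targets[src].add((dst, dport))
        elif "A" in flags:
            acks[src] += 1
    return {src: len(t) for src, t in syn_targets.items()
            if len(t) >= min_targets and acks[src] <= max_ack_ratio * len(t)}


RDP_PORT = 3389


def unexpected_rdp(packets, allowed_rdp_clients=frozenset({"192.168.1.30"})):
    """Flag SYNs to TCP/3389 from any host not on the (assumed) allow-list."""
    return sorted({src for src, _, dport, flags in packets
                   if dport == RDP_PORT and flags == "S" and src not in allowed_rdp_clients})


if __name__ == "__main__":
    print("password spray:", password_spray(SAMPLE_SYSLOG))
    print("SYN fan-out:   ", syn_scan(SAMPLE_PACKETS))
    print("unexpected RDP:", unexpected_rdp(SAMPLE_PACKETS))
```

In the sample data only 10.0.0.7 trips each rule: it touches six accounts once each (no single account reaches the lockout count, which is exactly why a per-account failure counter would miss it), sends SYNs to 25 host/port pairs with no ACKs, and tries RDP on hosts that never see it. The caveat a practitioner will want: vulnerability scanners and monitoring hosts trip the SYN rule, legitimate jump hosts trip the RDP rule, and a badly configured service account can look like a spray, so the thresholds and allow-lists have to be tuned to the environment before alerts go to a chat channel.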
What about other products
Many open-source products, when combined and tuned with custom rules and scripts, can produce better results. The goal here, however, was a product that works out of the box: events are viewed in the web interface, configuration is centralized, and important alerts can be sent to a chat application with little setup.
Using it alongside a full packet-capture or network security monitoring platform such as Arkime or Security Onion is probably the best approach.