Intrudect
What
Intrudect monitors network traffic, packet captures, and service logs to detect anomalies, intrusions, and high-signal security events. It uses modular agents and a central web interface so teams can collect only relevant telemetry, reduce noise, and keep investigations practical.
Why
Intrudect emerged from the real-world experiences of red team professionals: many organizations still lack full visibility inside internal or segmented networks. Attackers can map services, move laterally, spray passwords below lockout thresholds, and stay unnoticed until late. Intrudect focuses on detecting these common patterns early, without an overcomplicated setup.
Key benefits
- Early detection: catches reconnaissance, lateral movement, policy violations, and suspicious outbound traffic.
- Lower TCO and lower maintenance effort: more cost-efficient than high-priced enterprise NDR and easier to deploy and operate than script-heavy open-source stacks.
- Automation-ready workflows: alerts can be forwarded via webhooks, e-mail, or JSON to SIEM, SOAR, and external orchestrators.
- Differentiator for segmented and isolated networks: Egress Agent exposes unauthorized outbound paths from air-gapped segments, while Honeypot provides low-noise tripwire detection for internal reconnaissance and lateral movement.
- Practical operations: central console for alert triage, remote agent updates, dashboards, and export.
- Modular platform: Network Agent, Egress Agent, Honeypot, and Log Agent.
- Detection + metadata: retained DNS/TCP/DHCP/HTTP telemetry, with MISP IOC enrichment.
- SaaS + multisite support: usable by resellers and larger organizations with separated site scope.
