Intrudect combines passive network metadata analysis, isolated-segment egress validation, decoy-service monitoring, and regex-based log monitoring in one centrally managed platform. Agents do the watching; you work in a single Web UI.
Agents collect metadata and generate alerts where the traffic is. Everyone else interacts only with the central Web UI — for triage, investigation, and configuration.
Passively analyses traffic metadata and selected protocol activity from a SPAN port: scans, lateral movement, DNS tunnelling and C2, rogue DHCP/DNS, unauthorized services, IOC matching against aggregated threat feeds, and Suricata rule detection. Full detection list on the features page.
Configurable TCP/UDP listeners on selected IP and port combinations, with multiple IPs per instance and protocol emulation for common services (SSH, Telnet, FTP, mail, HTTP, databases, LDAP, VNC, SMB) to capture what an attacker attempts. Detects both SYN (half-open) and full connect scans, alerts on connection initiation, and captures full session PCAP on disconnect.
Runs 24/7, actively attempting outbound communication from sealed segments using DNS (A/AAAA/TXT), IPv4/IPv6 pathways, ICMP, proxy abuse, and discovered gateways. Alerts identify the leaking segment and the exact method that got out. A local read-only status web UI and JSON API on the agent show workers, recent activity, and runtime state.
Extends coverage into host and application logs with user-defined regex. Unlimited concurrent files per agent, custom message and severity per rule — syslog, web, database, and audit logs, including auditd and honeyfile access.
Agent management and configuration, per-module tuning, network segment and allowed-service management, agent health monitoring, and remote self-updating via signed packages. Password auth with MFA (TOTP and YubiKey), role-based permissions, and an audit log of every authentication and configuration change. A public REST API (/api/v1, bearer-token authenticated) exposes alert and metadata search, exports, and configuration for scripting and integrations — see the API reference.
Intrudect stores detailed context so alerts are investigable without full packet capture for every event.