Intrudect
Modular Network Monitoring & Intrusion Detection
Self-hosted · No telemetry · EU-built
Intrudect is a modular, self-hosted platform for internal network visibility. It combines passive network metadata analysis, isolated-segment egress validation, decoy services, and regex-based log monitoring in one centrally managed system — surfacing internal reconnaissance, lateral movement, unauthorized services, and outbound paths that should not exist.
The focus is actionable metadata and low operational overhead, not broad packet-signature matching.
Components
| Component | Purpose |
|---|---|
| Network Agent | Passive analysis of mirrored (SPAN) traffic: scans, lateral movement, C2, rogue DNS/DHCP, service exposure |
| Egress Agent | Verifies that isolated or restricted segments truly cannot reach the internet |
| Honeypot | Decoy TCP/UDP services as a low-noise tripwire for recon and lateral movement |
| Log Agent | Regex-based monitoring of system and application logs |
| Central Web UI | Alert triage, search, dashboards, configuration, integrations, and exports |
What it detects
- Recon & discovery — port/ARP/DNS scanning, unused-IP probing, LDAP/AD enumeration
- Lateral movement — unauthorized admin-protocol traffic, cross-segment policy violations, password spraying
- C2 & exfiltration — DNS tunneling, DGA domains, TOR, SMB-to-internet, MISP IOC matches
- Asset visibility — device & service inventory, new-device and unauthorized-service alerts
Why Intrudect
Intrudect is the only NDR platform with a built-in network honeypot and egress-isolation verification as native components, not add-ons. It is lower cost and faster to deploy than enterprise NDR, with more out-of-the-box coverage than open-source stacks.
Deployment
Intrudect is self-hosted on Debian/RHEL (amd64/arm64), in deployments from single-site to multi-site and reseller/SaaS. It runs without internet access: no call-home, no telemetry. Web UI access uses MFA (TOTP and YubiKey). Alerts are delivered via webhooks (Slack, Microsoft Teams, Mattermost, Discord), e-mail, or JSON export to SIEM/SOAR (Elastic, Wazuh, Security Onion).