Advanced Intrusion Detection and Network Monitoring

IntruDect is a multi-layered intrusion detection solution designed to provide deep network visibility and proactive threat detection. It consists of three key components:

Network Agent – Detecting Suspicious Network Activity

The network agent monitors all TCP/UDP traffic from mirrored network ports and identifies security threats, including:

  • Port Scans – Detects unauthorized network probing.
  • Lateral Movement – Identifies attempts to move between workstations.
  • Network Enumeration via DNS – Alerts on attackers gathering network information.
  • DNS C2 Traffic – Flags communication with command-and-control servers.
  • LDAP Attacks Against AD – Detects unauthorized attempts to query Active Directory.
  • Malicious User Agents – Flags HTTP User-Agent strings associated with suspicious or malicious software.
  • Suspicious DHCP Hostnames & Anomalies – Detects inconsistencies in DHCP usage.
  • Egress SMB Traffic – Identifies unauthorized file-sharing activity.
  • Honeypot Integration – Traps and logs attacker behavior.

Egress Agent – Validating Network Isolation

The egress agent is deployed on separate hardware in isolated network segments that should not have internet access. It actively tests these segments using methods commonly employed by attackers to ensure they remain truly isolated.

Syslog Agent – Log Monitoring and Analysis

The syslog agent is installed on Linux servers and scans log files using user-defined regex rules to detect security events such as:

  • Failed login attempts
  • Sudo command usage
  • Unauthorized access attempts
  • SSH login anomalies
  • Service crashes
  • Configuration changes
  • Any other pattern that can be extracted from log files

Central Web Interface & Alerting

All data is collected in a central web interface, which can be hosted by the client or in the cloud. Users can browse events, create custom filters, and configure alerts for integration with MS Teams, Slack, and Mattermost. To prevent unnecessary noise, alert frequency can be controlled to limit repeated messages or enforce specific time intervals for notifications.
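The syslog agent's user-defined regex rules and the alert throttling described above, combined in one added example that is not IntruDect's own code. The rule names, matched fields, per-rule throttle windows and the log lines are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not real system output).
SAMPLE_LOG = """\
Mar 10 10:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 50122 ssh2
Mar 10 10:00:02 host1 sshd[1202]: Failed password for root from 203.0.113.5 port 50123 ssh2
Mar 10 10:00:03 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2
Mar 10 10:05:00 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 10:06:00 host1 sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
"""

# User-defined rules (assumed format): name, regex with named fields, throttle window.
# Repeated hits with the same rule and the same field values inside the window are suppressed.
RULES = [
    {"name": "ssh_failed_login",
     "regex": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
     "window": timedelta(minutes=10)},
    {"name": "sudo_command",
     "regex": re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$"),
     "window": timedelta(seconds=0)},  # zero window: every sudo command is reported
]

def parse_ts(line, year=2024):
    """Syslog lines carry no year; assume one so timestamps can be compared."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def scan(log_text):
    """Return (alerts, suppressed): alerts that pass throttling, and how many were dropped."""
    last_sent = {}
    alerts, suppressed = [], 0
    for line in log_text.splitlines():
        for rule in RULES:
            m = rule["regex"].search(line)
            if not m:
                continue
            ts = parse_ts(line)
            # Throttle key: rule name plus the matched fields (e.g. same user and source).
            key = (rule["name"], tuple(sorted(m.groupdict().items())))
            prev = last_sent.get(key)
            if prev is not None and ts - prev < rule["window"]:
                suppressed += 1
                continue
            last_sent[key] = ts
            alerts.append({"rule": rule["name"], "ts": ts.isoformat(), **m.groupdict()})
    return alerts, suppressed

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG)[0]:
        print(alert)
```

On the sample, the second root failure from the same source is suppressed, while the failure for a different user and the sudo command are each reported.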

IntruDect provides a powerful and flexible intrusion detection framework, helping organizations detect threats early and respond effectively.