Look deeper.
Find everything.

The Evidence Correlation Workbench for incident response. Drop PCAPs, Outlook .msg / EML, cloud audit trails, and OS logs onto a single timeline — one click pivots across every report that mentions an indicator. No cloud required.

Download Free Watch Demo See Features

4Evidence Sources Correlated

1Unified Timeline

5Pivot Indices (IP / Domain / User / Host / Actor)

0Cloud Dependencies

See it in action

From dashboard triage to deep packet inspection — a complete investigation workflow.

Intreys Dashboard — risk gauge, stat cards, protocol distribution, top risk IPs, and alert summary

Dashboard — Risk scoring, traffic stats, protocol distribution, and top risk IPs at a glance

Intreys Deep Packet Inspection — Wireshark-style packet list with protocol coloring

Deep Packet Inspection — Wireshark-quality packet analysis with display filters

Intreys Network Map — interactive topology with IP risk detail panel

Network Map — Interactive topology with OSINT lookup and risk scoring

Intreys Timeline — chronological event analysis with severity filtering

Timeline — Kill-chain story mode with attack phase grouping and severity filtering

Intreys Investigation Graph — living force-directed graph with attack chain detection and particle flow

Investigation Graph — Living network visualization with attack chain detection

See Intreys Investigate

Watch how Intreys turns PCAPs, email evidence, cloud/network flow logs, and OS logs into one correlated investigation timeline.

Demo video coming after rc8 packaged smoke validation.

We’re finalizing the recorded walkthrough so what you see here matches the shipped build, packet for packet.

Look deeper. Find everything.

Download Community Start Professional Trial

Built for the analyst workflow

From initial triage through structured export, Intreys™ covers the full investigation lifecycle.

🔎

Deep Packet Inspection

Wireshark-compatible display filters, full TCP/UDP stream reassembly, hex dump inspection, protocol tree dissection, and expert info panels. Virtual scrolling handles 500K+ packet lists.

🎯

Automated Threat Hunting

C2 beacon detection, DNS tunneling, data exfiltration, lateral movement, port scanning, credential theft, and covert channel analysis. Hypothesis-driven hunts with playbook-guided investigation.

🤖

AI-Assisted Analysis

Attack narrative generation with Mermaid diagrams. Local AI analysis (runs on your hardware). Cloud providers supported with privacy controls and cost tracking.

🏭

ICS/SCADA Security

10 industrial protocol dissectors including Modbus, DNP3, S7comm, IEC-104, and OPC UA. Security policy enforcement, dangerous operation detection, and per-host health scoring.

📡

Live Packet Capture

High-performance capture engine with real-time streaming. PCAP file writing for captured traffic. No external tools required.

📈

MITRE ATT&CK Mapping

Visual ATT&CK matrix with detected techniques. Pyramid of Pain indicator classification. ATT&CK Navigator JSON export for team collaboration.

📦

Export Everywhere

STIX 2.1, MISP, TAXII 2.1, Sigma rules. PDF and DOCX reports. Full JSON and CSV export. YARA rule scanning on extracted artifacts.

🔒

Enterprise Security

Role-based access control, encrypted API key storage, login rate limiting, enterprise-grade security controls, audit logging, and cryptographically signed license verification.

🌐

Threat Intelligence

Online enrichment via AbuseIPDB, VirusTotal, GreyNoise, OTX, Shodan, and URLScan. Threat feed ingestion with local caching for offline use. DGA detection.

67 protocols. Zero-dependency installation.

No tshark, Wireshark, or Suricata required. Every dissector is built in with no external dependencies.

Ethernet ARP IPv4 IPv6 TCP UDP ICMP DNS HTTP/1.x HTTP/2 TLS/HTTPS QUIC SSH FTP SMTP POP3 IMAP SMB LDAP Kerberos DHCP SNMP NTP SIP Syslog RDP VNC WinRM WebSocket gRPC MySQL PostgreSQL Redis MSSQL Oracle Modbus TCP DNP3 S7comm IEC 60870-5-104 OPC UA BACnet PROFINET CIP/EtherNet/IP GE-SRTP Niagara Fox MQTT CoAP Bluetooth BLE ZigBee Thread 6LoWPAN LoRaWAN OSPF LLDP STP SOCKS Tor IEEE 802.15.4 LLMNR mDNS NBNS DCE/RPC Telnet RADIUS TACACS+ TFTP

Simple pricing

Start free. Scale when you need to.

Monthly Yearly Save 17%

Community

Free

Forever

For individual analysts and students

50,000 packets per capture
50 MB file size limit
Single user
All 67 protocol dissectors
Live packet capture
Automated threat hunts
MITRE ATT&CK mapping
Pyramid of Pain
Beacon detection
Attack narrative engine
Local AI (llama.cpp, MLX)
CSV & JSON export

Download

7-day free trial

Professional

$29/mo per seat

For security teams and consultancies

500,000 packets per capture
500 MB file size limit
Up to 5 users
Everything in Community, plus:
PDF & DOCX reports
STIX, MISP, TAXII, Sigma export
ATT&CK Navigator JSON export
YARA rule scanning
Cloud AI (Claude, GPT, Grok, Azure)
Hunt workspace & case management
Priority email support

Buy Professional

No credit card required for trial

Team

$99/mo per seat

For growing SOCs and consulting teams

Files up to 2 GB per analysis
Unlimited packet count (subject to local hardware)
Unlimited users
Everything in Professional, plus:
ICS/SCADA & IoT modules
SSO (OIDC)
Real-time team collaboration
SIEM integration (Splunk, ELK, Syslog)
Campaign analysis & multi-case timelines
Priority email support (24-hour SLA)

Buy Team

or Contact Sales for volume pricing

Enterprise / MSSP

$499/mo per deployment

For MSSPs and regulated enterprises

Everything in Team, plus:
Multi-tenant case isolation
OIDC SSO + SCIM 2.0 provisioning
SAML 2.0 SSO — available by request (enterprise preview)
Tamper-evident audit logging
Compliance mapping (NIST, PCI, HIPAA)
Customer-managed keys (CMEK / BYOK)
Air-gapped / on-prem deployment
White-label branding
Priority email support

Buy Enterprise

Self-checkout under Intreys standard Terms of Use. Need volume pricing, procurement / PO, MSA / DPA / BAA, custom SLA, 24×7 support, on-prem / air-gapped deployment, BYOK / CMEK, government, or MSSP / reseller terms? Contact Sales.

Look deeper.Find everything.