Getting Started with Intreys™
From install to first finding in under ten minutes. This guide assumes Community tier — everything below works without a paid license.
1. Download & install
macOS
Download the universal .pkg from releases.intreys.com/latest and double-click to install. The installer registers ChmodBPF so live capture works without sudo.
# Verify (optional)
shasum -a 256 ~/Downloads/Intreys-*.pkg
# Compare against the SHA-256 published on the release page.
Windows 10/11
Run Intreys-Setup-x64.exe. The installer bundles Npcap. If you already have Npcap installed, the installer will detect it.
Linux (Debian/Ubuntu)
sudo dpkg -i intreys_*.deb
# postinst grants cap_net_raw to /usr/bin/intreys-capture
# so live capture works without sudo
Linux (RPM-based)
sudo dnf install ./intreys-*.rpm
# Or for Red Hat / CentOS:
sudo rpm -i intreys-*.rpm
Docker
docker pull cybershelt/intreys:latest
docker run -p 8765:8765 -v "$(pwd)/captures:/data" cybershelt/intreys:latest
Air-gapped install? Download the offline bundle (intreys-airgap-*.tar.gz) and follow the bundled INSTALL.md. Activation in offline mode uses the license token file shipped to your support contact.
2. First run
Launch Intreys. The app walks you through setup once:
- Accept the End User License Agreement. You can read the full Terms of Use and Privacy Policy before agreeing.
- Create your owner account. Provide your name, work email, company (optional), a username, and a password. The owner account is created locally; nothing is sent to Intreys infrastructure.
- Verify your email or activate a license if you’re starting a Professional trial or activating a paid tier. Community users skip this step.
- Sign in. The dashboard loads with a risk gauge, packet stats, protocol distribution, and top-risk IPs.
- A welcome panel offers a sample PCAP — click Load sample to skip ahead.
You set your own password. Intreys never generates a password for you and never prints credentials to a console. If you forget your password, use the Forgot password link on the sign-in screen, or see Troubleshooting → Account recovery.
3. Your first PCAP analysis
- Click Upload in the topbar (or press Ctrl/Cmd + O).
- Drop a .pcap or .pcapng file (up to 50 MB on Community).
- The 21-stage pipeline starts automatically. You can watch progress in the right-rail.
- When stage 21 completes, the Dashboard refreshes with findings.
Don’t have a PCAP? Try one of these public sample sources:
- malware-traffic-analysis.net — real malware captures with write-ups
- NETRESEC public PCAP repository
- SampleCaptures bundled with Wireshark (often in /usr/share/wireshark)
4. Reading your first finding
Open the Alerts view (Ctrl/Cmd + 4). Each row is a detection with a severity, a one-line description, and a link to the relevant flow or packet. Click a row to expand the detail panel:
- Why we flagged this — the rule or heuristic name and the signal that fired
- What you should do — suggested next step (block, isolate, investigate, ignore)
- Linked artifacts — the packet IDs, hosts, files, and IOCs involved
- MITRE technique — if applicable, with a link to the ATT&CK matrix view
5. Recommended next reads
- PCAP analysis — the pipeline stages explained
- Live capture — capture on your local interface
- Threat hunting — hypothesis-driven investigation
- AI providers — turn on local AI for narrative summaries
Keyboard shortcuts
| Action | macOS | Windows / Linux |
|---|---|---|
| Command palette | Cmd + K | Ctrl + K |
| Upload PCAP | Cmd + O | Ctrl + O |
| Switch view (1–9) | Cmd + 1…9 | Ctrl + 1…9 |
| Help panel | ? | ? |
| Close dialog | Esc | Esc |
Need help?
- Troubleshooting — the 30 most common issues, with fixes
- FAQ — questions buyers and users ask
- Support ticket — reach a human