Professional Tier $29/seat/mo
For working security teams, consultancies, and incident-response shops. Pro unlocks reporting, structured threat intel export, MITRE overlay, and AI-assisted narrative.
What you unlock
| Feature | Community | Professional |
|---|---|---|
| Packets per capture | 10,000 | 500,000 |
| File size limit | 50 MB | 500 MB |
| Seats | 1 | up to 5 |
| MITRE ATT&CK matrix | — | Yes + Navigator export |
| PDF / DOCX reports | — | Yes |
| STIX 2.1 / MISP / Sigma | — | Yes |
| YARA rule scanning | — | Yes (extracted artifacts) |
| AI analysis (remote providers) | — | Claude, OpenAI, Grok, Azure |
| Beacon & advanced detection | basic | full ruleset |
MITRE ATT&CK matrix overlay
Pro analyses every detection against MITRE ATT&CK’s Enterprise matrix (MITRE’s taxonomy, not the Intreys tier). The overlay view shows:
- Heat-mapped tactics (Initial Access, Execution, …, Impact)
- Per-technique confidence and evidence packet IDs
- Pyramid-of-Pain classification of each indicator
- One-click export to ATT&CK Navigator JSON
See MITRE mapping for the full walk-through.
PDF and DOCX reports
Generate analyst-grade reports from any session in two clicks: Export → Report → PDF / DOCX. Reports include:
- Executive summary (auto-generated, AI-optional)
- Risk gauge and protocol distribution charts
- All findings with severity, evidence, recommended action
- MITRE technique mapping
- Indicators of Compromise (IPs, domains, hashes, URLs)
- Network topology diagram
- Appendix with timestamped event log
Structured threat-intel export
- STIX 2.1 — bundles with indicators, sightings, identity, course-of-action
- MISP — JSON event compatible with MISP 2.4+
- Sigma rules — auto-generated from detected behaviors
- TAXII 2.1 — push to your team’s TAXII server
YARA rule scanning
Drop YARA rules into Settings → YARA. Intreys runs them against extracted files (executables, scripts, attachments, Office docs) reassembled from the capture. Matches surface as alerts and feed back into the MITRE overlay.
AI analysis
Pro supports remote AI providers (Claude, OpenAI, Grok, Azure OpenAI) in addition to local. Privacy controls include:
- force_local default — remote providers are off until you opt in
- Privacy classifier — flags packets containing PII before they're sent
- Per-provider cost tracking — see token spend per session
- Redaction rules — IP/host/email rewriting before any prompt is sent
See AI providers for setup.
Trial & activation
7-day free trial, no credit card required for trial. After trial expires, the app downgrades to Community feature set; your data stays. Activate by entering your license key under Settings → License.
Seat management
Pro is licensed per-seat (up to 5). The owner manages seats at license.intreys.com/portal. See Licensing for activation, deactivation, and machine moves.