Intelligent threat detection and autonomous response for modern networks.
Revenix is a network intrusion detection and prevention platform that combines deep packet inspection with a 5-model ML ensemble.
Core capabilities:
- Deep Packet Inspection (DPI)
  - JA3 TLS ClientHello fingerprinting
  - DNS tunneling detection
  - SSH brute-force flow-pattern detection
- 5-model ML ensemble
  - Isolation Forest
  - Autoencoder
  - Sequential Pattern Detector
  - Baseline Deviation Analyzer
  - Per-device Behavioral Profiling
- Self-healing response
  - Auto-block and manual block workflows
  - Temporary and permanent block lists
  - Cross-platform firewall synchronization
- Real-time dashboard
  - Live traffic and flow views
  - Threat management and IP management
  - Alerting configuration
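To make the DNS tunneling and SSH brute-force items above concrete, here is an added example (not Revenix code) of two flow-level heuristics run over constructed flow records: DNS queries whose subdomain part is consistently long and high-entropy, and bursts of short, low-volume connections to TCP/22 from one source. The `Flow` record shape, the entropy and length cut-offs and the 60-second window are illustrative assumptions, not the project's detectors.

```python
"""Added example (not Revenix code): flow-level heuristics for DNS tunneling
and SSH brute force, run over constructed flow records. Field names and
thresholds are illustrative assumptions."""
import math
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float            # flow start, seconds
    src: str
    dst: str
    dport: int
    proto: str           # "tcp" or "udp"
    bytes_out: int       # client -> server bytes
    duration: float      # seconds
    dns_qname: str = ""  # query name, filled in by DPI for DNS flows


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking encoded labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dns_tunnel_suspects(flows, min_label_len=40, min_entropy=3.5, min_queries=5):
    """Group DNS queries per (source, parent domain); flag parents whose
    subdomain parts are consistently long and high-entropy, which is where
    tunnels carry their payload."""
    per_domain = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.dport == 53 and f.dns_qname:
            labels = f.dns_qname.rstrip(".").split(".")
            if len(labels) < 3:
                continue
            per_domain[(f.src, ".".join(labels[-2:]))].append("".join(labels[:-2]))
    suspects = []
    for (src, domain), subs in per_domain.items():
        if len(subs) < min_queries:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= min_label_len and avg_entropy >= min_entropy:
            suspects.append({"src": src, "domain": domain, "queries": len(subs),
                             "avg_len": round(avg_len, 1),
                             "avg_entropy": round(avg_entropy, 2)})
    return suspects


def ssh_bruteforce_suspects(flows, window=60.0, min_flows=10,
                            max_duration=5.0, max_bytes=4096):
    """Sliding window over short, low-volume TCP/22 flows per (src, dst):
    a burst of them looks like repeated failed logins, while one long,
    high-volume flow is an interactive session and is ignored."""
    per_pair = defaultdict(list)
    for f in flows:
        if (f.proto == "tcp" and f.dport == 22
                and f.duration <= max_duration and f.bytes_out <= max_bytes):
            per_pair[(f.src, f.dst)].append(f.ts)
    suspects = []
    for (src, dst), times in per_pair.items():
        times.sort()
        best, left = 0, 0
        for right in range(len(times)):
            while times[right] - times[left] > window:
                left += 1
            best = max(best, right - left + 1)
        if best >= min_flows:
            suspects.append({"src": src, "dst": dst, "flows_in_window": best})
    return suspects


def sample_flows():
    """Constructed traffic (not a capture): benign lookups, a DNS tunnel,
    one admin SSH session and a password-guessing burst."""
    rng = random.Random(7)
    base32 = "abcdefghijklmnopqrstuvwxyz234567"
    flows = []
    for i, name in enumerate(["www.example.com", "mail.example.com", "api.example.com"]):
        flows.append(Flow(float(i), "10.0.0.7", "10.0.0.53", 53, "udp", 60, 0.01, name))
    for i in range(8):  # 50-char encoded chunks under one parent domain
        chunk = "".join(rng.choice(base32) for _ in range(50))
        flows.append(Flow(10.0 + i, "10.0.0.7", "10.0.0.53", 53, "udp", 90, 0.01,
                          f"{chunk}.exfil.example"))
    flows.append(Flow(0.0, "10.0.0.2", "10.0.0.10", 22, "tcp", 250_000, 600.0))
    for i in range(15):  # 15 short connections in 30 s
        flows.append(Flow(100.0 + 2 * i, "198.51.100.9", "10.0.0.10", 22, "tcp", 1500, 1.2))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print(dns_tunnel_suspects(flows))
    print(ssh_bruteforce_suspects(flows))
```

Both detectors key on aggregated flows rather than individual packets, which is what makes them cheap enough to run inline; the price is that a tunnel that keeps labels short or a brute-forcer that spreads attempts over many sources will slip past these particular thresholds, which is why they are one input to a broader ensemble rather than a verdict on their own.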
```mermaid
graph LR
A[Network Traffic] --> B[Core - Rust]
B --> C[Redis Streams]
C --> E[API - FastAPI]
E --> D[Brain - Python ML]
D --> E
E --> F[Dashboard - Next.js]
D --> G[Firewall Sync]
```
Components:
- `core/` - packet capture, flow aggregation, DPI
- `brain/` - ML scoring, ensemble voting, self-healing decisions
- `api/` - persistence, auth, REST endpoints, notifications
- `dashboard/` - operator UI
- `deploy/sql/` - schema and seed scripts
Prerequisites:
- Docker + Docker Compose
- 4 GB RAM minimum (8 GB recommended)
- For packet capture:
  - a Linux Docker host for containerized core capture, or
  - the Windows native agent bundle

Linux note: the examples use `sudo docker ...` because many Fedora/Linux installs require root for Docker. If your user is in the `docker` group you can omit `sudo` (keep in mind that `docker` group membership is effectively root on the host).
Linux host quick start:
```bash
git clone https://github.com/so1icitx/revenix.git
cd revenix
sudo docker compose up -d --build
```
This starts the control plane (postgres, redis, api, brain, dashboard, plus optional monitoring containers).

Start packet capture on the same Linux host only when you want the Core container:
```bash
sudo docker compose --profile capture up -d --build core
```
Open:
- Dashboard: http://localhost:3000
- API docs: http://localhost:8000/docs
Windows host quick start:
```powershell
git clone https://github.com/so1icitx/revenix.git
cd revenix
python start-revenix.py
```
`start-revenix.py` starts the control plane and prepares/runs the Windows agent flow.
Windows agent:
- Build the bundle (from the repo root):
  ```powershell
  cd core
  .\scripts\build-windows-agent.ps1
  ```
- Copy `core\dist\windows-agent` to the endpoint.
- Copy `agent.env.example` to `agent.env` and set `API_URL`, `REDIS_URL`, `REDIS_PASSWORD` and `INTERNAL_SERVICE_TOKEN`.
- Install from an Administrator shell:
  ```powershell
  Set-ExecutionPolicy -Scope Process Bypass -Force
  .\install.cmd
  ```
- Agent task controls (Administrator shell):
  ```powershell
  .\status.cmd
  .\stop.cmd
  .\start.cmd
  .\restart.cmd
  ```

Linux agent:
- Build the bundle (from the repo root):
  ```bash
  chmod +x core/scripts/build-linux-agent.sh
  DOCKER_USE_SUDO=1 ./core/scripts/build-linux-agent.sh
  ```
  Windows/PowerShell alternative:
  ```powershell
  cd core
  .\scripts\build-linux-agent.ps1
  ```
- Copy `core/dist/linux-agent` to the endpoint.
- Configure `agent.env`.
- Install:
  ```bash
  sudo ./install.sh
  ```

Authentication:
- The first account is created via signup, so create it before exposing the dashboard to other users or networks.
- API endpoints require authentication after initial setup.
- Internal service calls authenticate with the `X-Internal-Token` header, whose value is `INTERNAL_SERVICE_TOKEN`.
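The check a practitioner wants on the `X-Internal-Token` path is that the shared secret is compared in constant time and that a deployment which kept a placeholder value is refused outright (the production checklist below asks for `INTERNAL_SERVICE_TOKEN` to be replaced). The following is an added example, not Revenix's own API code; the helper names, the minimum length and the placeholder-marker heuristic are assumptions for illustration.

```python
"""Added example (not Revenix code): validating the X-Internal-Token header
used for internal service calls. The placeholder heuristic, minimum length
and helper names are assumptions for illustration."""
import hmac
import secrets

MIN_TOKEN_LEN = 32
PLACEHOLDER_MARKERS = ("change", "replace", "example", "secret", "password", "default")


def token_is_weak(token: str) -> bool:
    """Reject empty, short or obviously unreplaced values so a deployment that
    kept the shipped placeholder is refused rather than silently accepted."""
    if len(token) < MIN_TOKEN_LEN:
        return True
    lowered = token.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def new_internal_token() -> str:
    """A value suitable for INTERNAL_SERVICE_TOKEN (64 URL-safe characters)."""
    return secrets.token_urlsafe(48)


def verify_internal_token(headers: dict, expected: str) -> bool:
    """True only when the configured token is strong and the presented header
    matches it. Header names are matched case-insensitively, and the comparison
    is constant-time so a wrong guess leaks neither length nor prefix."""
    if token_is_weak(expected):
        return False
    presented = next((v for k, v in headers.items() if k.lower() == "x-internal-token"), "")
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    token = new_internal_token()
    print(verify_internal_token({"X-Internal-Token": token}, token))   # expected True
    print(verify_internal_token({"X-Internal-Token": "changeme"}, "changeme"))  # expected False
```

Refusing a weak configured token at verification time (rather than only at startup) means a service that was started with defaults cannot be driven by anyone who reads the example file; the trade-off is that the failure shows up as 401/403 on internal calls, so the startup log should say why.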
Supported integration types:
- `slack`
- `discord`
- `email`
- `pagerduty`
- generic `webhook`

Configure them in Dashboard -> Alerting.
Learning mode:
- The initial training threshold defaults to `200` flows (configurable).
- Start learning from the dashboard/system controls.
- After the threshold is reached, the models train and the system can run in active mode.
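To show what the learn-then-activate sequence above looks like in code, here is an added example (not Revenix code) of a gate that buffers flows until the training threshold is reached, then builds per-device baselines and lets three simple detectors vote on each new flow: a per-device baseline-deviation check, the same check against a pooled profile, and a scan-shaped sequential pattern. The detectors, feature names, cut-offs and the constructed training traffic are illustrative stand-ins, not the project's models or data.

```python
"""Added example (not Revenix code): a learn-then-score gate of the kind the
training threshold above describes. Flows are buffered in learning mode; once
the threshold is reached, per-device baselines are built and three simple
detectors vote on each new flow. The detectors, feature names and cut-offs
are illustrative stand-ins, not the project's models."""
import math
import random
from collections import defaultdict

FEATURES = ("bytes_out", "duration", "dst_port_count")


class EnsembleGate:
    def __init__(self, train_threshold=200, z_cutoff=3.0, votes_needed=2):
        self.train_threshold = train_threshold
        self.z_cutoff = z_cutoff
        self.votes_needed = votes_needed
        self.buffer = []      # flows seen while learning
        self.baselines = {}   # device (or "*" for all devices) -> {feature: (mean, std)}
        self.active = False

    def observe(self, flow):
        """Learning mode returns None; active mode returns the ensemble verdict."""
        if self.active:
            return self.score(flow)
        self.buffer.append(flow)
        if len(self.buffer) >= self.train_threshold:
            self.train()
        return None

    @staticmethod
    def _profile(flows):
        prof = {}
        for feat in FEATURES:
            xs = [float(f[feat]) for f in flows]
            mean = sum(xs) / len(xs)
            prof[feat] = (mean, math.sqrt(sum((x - mean) ** 2 for x in xs) / len(xs)))
        return prof

    def train(self):
        per_device = defaultdict(list)
        for f in self.buffer:
            per_device[f["device"]].append(f)
        self.baselines = {dev: self._profile(fl) for dev, fl in per_device.items()}
        self.baselines["*"] = self._profile(self.buffer)   # pooled profile
        self.buffer = []
        self.active = True

    def _max_z(self, flow, key):
        prof = self.baselines[key]
        return max(abs(flow[feat] - mean) / (std or 1.0) for feat, (mean, std) in prof.items())

    def baseline_deviation(self, flow):
        """Per-device profile; a device never seen while learning is itself a deviation."""
        if flow["device"] not in self.baselines:
            return True
        return self._max_z(flow, flow["device"]) >= self.z_cutoff

    def global_outlier(self, flow):
        """Same test against the pooled profile of every device."""
        return self._max_z(flow, "*") >= self.z_cutoff

    @staticmethod
    def sequential_pattern(flow):
        """Scan-shaped flow: many distinct destination ports and almost no payload."""
        return flow["dst_port_count"] >= 20 and flow["bytes_out"] < 200

    def score(self, flow):
        votes = {
            "baseline_deviation": self.baseline_deviation(flow),
            "global_outlier": self.global_outlier(flow),
            "sequential_pattern": self.sequential_pattern(flow),
        }
        return {"votes": votes, "anomalous": sum(votes.values()) >= self.votes_needed}


def training_flows(n_per_device=100, seed=3):
    """Constructed learning-mode traffic for two devices (not captured data)."""
    rng = random.Random(seed)
    flows = []
    for _ in range(n_per_device):
        flows.append({"device": "printer", "bytes_out": rng.gauss(2000, 300),
                      "duration": rng.gauss(1.0, 0.1), "dst_port_count": 1})
        flows.append({"device": "laptop", "bytes_out": rng.gauss(50000, 10000),
                      "duration": rng.gauss(5.0, 1.0), "dst_port_count": 3})
    return flows


def demo():
    gate = EnsembleGate(train_threshold=200)
    for f in training_flows():
        assert gate.observe(f) is None   # still learning, nothing is scored
    assert gate.active                    # the 200th flow triggered training
    probes = {
        "laptop_normal":  {"device": "laptop", "bytes_out": 60000, "duration": 4.0, "dst_port_count": 3},
        "printer_scan":   {"device": "printer", "bytes_out": 120, "duration": 1.0, "dst_port_count": 40},
        "printer_exfil":  {"device": "printer", "bytes_out": 500000, "duration": 1.0, "dst_port_count": 1},
        "unknown_device": {"device": "camera", "bytes_out": 2000, "duration": 1.0, "dst_port_count": 1},
    }
    return {name: gate.observe(flow) for name, flow in probes.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two details matter for a monitor-first rollout: a single detector firing (here, an unknown device) is not enough to mark a flow anomalous, which keeps one noisy model from driving auto-block on its own, and the verdict carries every model's vote so an operator reviewing an alert can see which signal produced it.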
Brain tests:
```bash
cd brain
pytest tests -v
```
Dashboard tests:
```bash
cd dashboard
npm install
npm test
```

Before public/production deployment:
- Replace the default secrets (`JWT_SECRET_KEY`, `INTERNAL_SERVICE_TOKEN`, `POSTGRES_PASSWORD`, `REDIS_PASSWORD`).
- Restrict network exposure of the control-plane ports and firewall who can reach them.
- Enable HTTPS via a reverse proxy.
- Validate the auto-block policy in a monitor-first rollout (alert without blocking until false positives are understood).
This project is licensed under GNU General Public License v3.0.
See LICENSE.