Our Story

Security tools built by people
who run real networks

XDRagon Monitor started as a personal detection lab — pfSense at the edge, Suricata on a mirror port, too many late nights investigating alerts that commercial tools couldn't explain. We built the tools we needed. Then we made them production-ready — and released them as XDRagon Monitor, open source under Apache 2.0.

XDRagon Monitor Dragon
Practitioner-built
Every feature exists because someone needed it in a real SOC environment — not because it looks good in a slide deck.
Local AI, always
Your alert data never leaves your premises. All LLM inference runs on your hardware via Ollama. No API keys to manage.
SMB to enterprise
Designed to be operated by one person or a full SOC team. Complexity scales with your team, not the other way around.

Six things we don't compromise on

These principles guide every architectural decision and feature prioritisation. They explain why XDRagon Monitor works the way it does — and why we rejected certain design choices that would have made the platform easier to build.

01 — Privacy First
Your data never leaves your environment
Network telemetry is among the most sensitive data an organization produces. XDRagon Monitor processes everything locally — the AI models, the threat intel correlation, the compliance engine. There is no "phone home", no cloud backend, no vendor visibility into your alerts.
02 — Explainable Detections
Every alert should be explainable in plain language
Black-box alerts cause alert fatigue. Every detection in XDRagon Monitor shows the raw event, the ML score, the MITRE ATT&CK mapping, and an AI-generated explanation. You should always understand exactly why an alert was raised before you act on it.
03 — No Cloud Lock-in
Dependency on external services is a risk
SaaS security tools can be revoked, priced out of reach, or discontinued. XDRagon Monitor runs on hardware you own. Threat intel feeds are optional and individually replaceable. The core detection capability works entirely offline, indefinitely.
04 — Automation-First
Manual tasks get skipped when people are busy
Security tools that require daily human intervention fail during incidents — exactly when they're needed most. XDRagon Monitor runs 7 autonomous background jobs that classify, correlate, and brief without operator input. The system should make progress while you sleep.
05 — Compliance Built-In
Compliance evidence should be automatic
NIS2, NIST CSF 2.0, and CIS Controls v8.1 are not afterthoughts bolted onto a detection tool. The compliance engine maps every detection to specific control requirements in real time, generating audit-ready evidence packages without manual spreadsheet work.
06 — Operator Sovereignty
The operator always controls what happens
XDRagon Monitor is a detection and analysis platform, not an autonomous response system. Network sensors operate in passive mode by default. Blocking rules require explicit operator approval. The AI advises — the operator decides. Every action is logged and reversible.

Continuous development pipeline

XDRagon Monitor is built on ASEWAVE — our own engineering methodology, where every change is independently verified against the actual code and runtime before it ships. Nothing is trusted on claim alone. Every release is tested against 800+ automated tests and shipped with signed, verifiable provenance (SLSA/Sigstore).

RESEARCH
Problem is defined, codebase explored, root cause confirmed
IMPLEMENTATION
AI-assisted development with full codebase context
VERIFICATION
Every change independently checked against the actual code and runtime — never trusted on claim alone
TESTING
800+ automated tests plus UX, security, compliance, and i18n review must pass
RELEASE
Signed release with verifiable build provenance, docs current
800+
Automated tests per release
SLSA
Signed build provenance (Sigstore)
100%
Changes independently verified
0 regressions
Goal per release

Built on real technology,
not marketing claims

These aren't marketing checkboxes — they're verifiable technical properties of the platform that you can inspect, test, and validate before deployment.

Open source, Apache 2.0
Security tools should be inspectable. XDRagon Monitor is open source under the Apache 2.0 license — the full source is on GitHub, so you can verify exactly what runs in your environment. No compiled blobs, no obfuscated dependencies.
Suricata at the core
Detection is built on the industry-standard Suricata IDS engine with full EVE-JSON telemetry, custom rule support, Sigma rule integration, and the same rule sets used by national CERTs.
Local LLM inference only
All six AI models run on your hardware via Ollama. Model files are fully inspectable — system prompts and parameters are documented and version-controlled. No hidden inference endpoints.
No vendor dashboard access
We have no visibility into your alerts, your network topology, or your security posture. There is no telemetry callback. Your deployment is entirely yours — we can't see it even if we wanted to.
Standards-based compliance
NIS2, NIST CSF 2.0, and CIS Controls v8.1 mappings are based on the published framework specifications. Control IDs are explicit in the codebase, not abstracted behind proprietary scoring models.
Runs on commodity hardware
The only requirement is Docker and Docker Compose — the core stack starts from 2 GB RAM and 10 GB disk, with a GPU recommended for faster local AI. No proprietary hardware, no vendor-locked appliances, no ongoing hardware licensing costs.

One team, one mission

XDRagon Monitor is the product, Wi24rd-Com is the maintainer behind it, and ASEWAVE is the engineering methodology it is built on — all sharing the same principle: practitioner-built, fully local, no vendor dependencies.

XDRAGON
XDRagon Monitor
Self-hosted XDR platform
Full-spectrum network security monitoring with local AI detection, behavioral analytics, DNS threat analysis, endpoint XDR, and autonomous SOC capabilities — plus a built-in NIS2/NIST/CIS compliance engine. The platform you're looking at right now: self-hosted on your own hardware, no cloud dependency, open source under Apache 2.0.
Suricata IDS at the core
6 local Ollama AI models
NIS2, NIST CSF 2.0 & CIS Controls v8.1 built-in
Docker Compose deployment
Open source · Apache 2.0
WI24RD
Wi24rd-Com
The maintainer of XDRagon Monitor
The maintainer behind XDRagon Monitor — decades of experience in IT security, full-stack development, and enterprise infrastructure. One developer owns the product, prioritization, and architecture. Open source by default, upstream only by design: no contract work, no private forks, no customer-specific code. Feature requests are free and weighed against the roadmap; sponsored priority slots can fund expedited upstream development — subject to acceptance and upstream fit.
Builds and maintains XDRagon Monitor
Free feature requests — evaluated against the roadmap
Sponsored priority slots — expedited upstream development
Upstream only by design · Apache 2.0 — see wi24rd.com
ASEWAVE
ASEWAVE
The engineering methodology behind XDRagon Monitor
ASEWAVE — Augmented Solo Engineering With Adversarial Verification + Evidence — is the development model XDRagon Monitor is built on. Its first law: never guess. Every claim is verified against the actual code, git history, and runtime before anything ships. We created the methodology, we maintain it, and we publish it openly at asewave.org.
Adversarial verification — no claim trusted on faith
Evidence-first audit trail on every change
Human decision points at every phase gate
Published and maintained at asewave.org
Get in touch
XDRagon Monitor is open source under Apache 2.0 — you can clone it from GitHub and run it today. This is a passion project built in our spare time: sign up for release updates, or share your feedback and ideas — every message is read by the maintainer.
Let's talk
Contact
Via the form — every submission gets a personal reply
GitHub
github.com/XDRagonXDR/xdragon-monitor
Based in
Denmark · Europe
Common use cases
SMB network monitoring NIS2 compliance pfSense + Suricata Air-gapped networks SOC augmentation MSSP platform Incident response OT/ICS adjacent University labs Government IT
A note on expectations
XDRagon Monitor is an open-source passion project, built and maintained in spare time alongside a day job in IT security. There is no commercial support offering — but every message is read, bug reports get fixed, and good ideas find their way into the roadmap.