XDRagon Monitor watches your network, your computers, and your internet traffic around the clock — spots attacks, explains them in plain language, and tells you what to do next. Built-in EU compliance (NIS2) included. No security team required — and it scales up when you have one.
Free and open source (Apache 2.0) — no license fees, no subscriptions, no per-device pricing.
XDRagon Monitor unifies telemetry from firewalls, IDS/IPS sensors, DNS resolvers, and endpoint agents into a single high-fidelity data fabric — normalised, correlated, and enriched before an analyst ever sees it.
AI and behavioural analytics detect threats across every layer and route them to the right analyst — grouping related alerts into a handful of actionable incidents instead of hundreds of raw alerts, while catching the signals that matter.
The AI layer runs entirely on your hardware using Ollama. Six specialised SOC models derived from qwen2.5:7b handle classification, explanation, correlation, natural-language search, and the daily briefing. All AI inference runs locally. The only optional exception is threat-feed enrichment, which sends just the single IP or domain being looked up — never your alert context — and can be switched off entirely.
From home lab to enterprise data centre. XDRagon Monitor runs on Docker — deploy integrated, segmented, or fully air-gapped depending on your threat model and regulatory requirements.
XDRagon Monitor maps your security telemetry to framework requirements automatically — generating live compliance scores, evidence packages, and audit-ready documentation without a consultancy engagement.
Example data — illustrative compliance scores
A quick look at recent additions to XDRagon Monitor. Every card below is covered in depth on the platform pages.
curl -fsSL https://xdragonxdr.com/install.sh | bashSee how XDRagon Monitor can strengthen your security operations. Deploy on your own hardware — free and open source, full platform running in under an hour.