Skip to content


Secopx Agent - Free and Open Source EDR & IPS for Linux Servers.

The Secopx Sensor a.k.a Intrusense sensor is the culmination of more than 1.5 years of constant work, planning & design.

The sensor acts as a XDR-IPS for Linux endpoints with antivirus capabilities, specifically designed for web servers in mind (but working virtually on any server) and protects the server in real time from webshells, ransomeware, trojans, crypto coin miners and reports about general attacks.

When a “malicious” file is uploaded to one of the servers pre-defined folder, the sensor will remove the infected file upon detection into the “quarantine” folder.

Please read the file BEFORE using the sensor and also make a full BACKUP of your /var/www/html folder and make sure to read our T.O.S BEFORE using the sensor.

Technical Specifications

Supported OS : Debain 9, 10, – Ubuntu 16, 18, 20 – Centos 7, 8
License Type: Multi-license, Our code is GPL3, please see the “LICENSE-AND-CREDITS.txt” file 
Sensor size : approx 20 Mb
Connection typeOutbound ONLY  (no incoming traffic whatsoever)
Malware Analysis – by Yara & our custom engine
Dependency list – please see the file 
Prevention mechanism – the sensor scans for webserver content (/var/www/thml/ – configurable) and removes malicious files to the quarantine folder, see the file for more information.

The sensor also scans for system-wide anomalies and security issues.

System Requirements – 1GB of ram and 1 V-CPU.

The Sensor has been tested on every possible cloud environment and will run smoothly on any basic VPS.

Coding Languages – C, Python, Perl, Bash.

Running Environment – cloud or local, running on the server itself with the root permission.

“Vulnerable Software Predictor” – the sensor will alert you when a suspected vulnerable PHP file or other obfuscated file are found active in the server ecosystem.

The Predictor will NOT send the file into the quarantine folder but will ONLY write to the log file about it.

S.O.C/S.I.E.M as a service - Designed ONLY for our Sensor

For Enterprises, SMB's & Startups, up to 1000 servers per node.

S.O.C/S.I.E.M as a  service is a premium paid service, it costs $39 per month, per server and it is based on our open source GPL3 Linux based sensor. 

When you run the sensor itself with a license file, it will report to our Central Cloud S.O.C/S.I.E.M as a service, which you can access from: (or On-Prem in your network) 

Once you have installed the sensor on your machine, just login into our cloud, set up your SMS and email address, and BAM! You are immediately protected and alerted!

purchase a license here

Designed specifically for  Servers and specifically for our Sensor


Already using a different S.O.C/S.I.E.M? No problem, Our software does not conflict with any other X.D.R or Sensor. 

Our product is an extra layer and is intended ONLY for servers, which means you can keep your traditional S.O.C\S.I.E.M and E.D.R. We only sync with our Sensor-I.P.S software. 

Let your old setup continue running! We do what noone else does, in a way noone else does  and we do not interact with other security solution on servers or network based. 

Technical Specifications : 

  • Incident management & response with “off-server” data retention of incidents 
  • SMS & EMAIL alerting in real time when a “security incident” occurs or the “risk level” is too high.
  • Helps you to comply with the P.C.I-D.S.S/I.S.O/H.I.P.P.A regulations.
  • Access to our professional team; “SEND TO SOC ANALYSIS” events you do not understand can be sent with a single click to our team (this is an extra premium service, 10$ per request) *optional service.
  •  Rich User Interface with cloud “off server” data retention
  • Restrict Access by IP address (up to 3) to your dashboard
  • DDOS – Get SMS/email and store “off server” data about attacks in case of DDOS attacks.
  • Fully responsive and mobile/Tablet tested interface
  • Customizable “Risk Level” according to your specific needs, set the risk level threshold according to your paranoia level.
  • Get Alerted when “Vulnerable Software Predictor finds a suspected vulnerable file in your webserver directory
  • Export Security log reports and other data to PDF.

BUY NOW a Subscription for our "S.O.C/S.I.E.M" as a service!

1 Linux server per month, billed annually, according to our T.O.S

  • Limited Time Offer! Normal PRICE IS $65 per month! Feature
  • Setup S.O.C/S.I.E.M within minutes! See our Youtube installation clip! Feature
  • Off-server logging of attacks and server metrics up to 1 day back* (See data retention in T.O.S) Feature
  • Detects Webshells & Ransomware in almost real time Feature
  • Including SMS & EMAIL alerts Feature

How our S.O.C/S.I.E.M as a service works?

S.O.C/S.I.E.M as "On Premise"

Just like the “S.O.C/S.I.E.M as a service” but on your local servers within your local network. “On Premise” means that all the information stays on your servers inside your internal network.

Let’s say you have a few webservers inside your Intra-network, Secopx will monitor and protect those machines for you both inside and outside your network.

All the data belongs to you. You set the data retention settings.

Contact sales today for a demo and a price quote!

+972 52 5326350 or email us to