How it works
From network noise to something readable
This page is the higher-context version of the homepage. It is here for technical visitors who want to understand the pipeline, and for non-technical visitors who want to know what the project is actually doing under the hood.
Discover the network
IoTSentinel starts by identifying devices through ARP, mDNS, UPnP, and network scanning so the dashboard has a concrete inventory to work from.
Collect useful signals
In passive mode it focuses on visibility and event signals. In gateway mode it can move closer to full traffic inspection, which is why that path needs more setup care and hardening.
Score, explain, correlate
Detections, CVE checks, and anomaly-related signals feed into the logic and AI layers that turn technical output into something easier to interpret.
Keep it local-first
Project data is stored on-device so the Pi remains the main source of truth rather than a thin client for a remote SaaS backend.
Present it clearly
The dashboard, alerts, and setup flows are designed to make network security legible to non-specialists without removing the detail technical users care about.
Why this matters
Many consumer tools show alerts but keep their reasoning, storage model, or tradeoffs vague. IoTSentinel is deliberately trying to stay legible: local-first where possible, explicit about cloud use when chosen, and open enough that a technical user can inspect the code path rather than trust branding alone.