Back to home

How it works

From network noise to something readable

This page is the higher-context version of the homepage. It is here for technical visitors who want to understand the pipeline, and for non-technical visitors who want to know what the project is actually doing under the hood.

Step 01

Discover the network

IoTSentinel starts by identifying devices through ARP, mDNS, UPnP, and network scanning so the dashboard has a concrete inventory to work from.

Step 02

Collect useful signals

In passive mode it focuses on visibility and event signals. In gateway mode it can move closer to full traffic inspection, which is why that path needs more setup care and hardening.

Step 03

Score, explain, correlate

Detections, CVE checks, and anomaly-related signals feed into the logic and AI layers that turn technical output into something easier to interpret.

Step 04

Keep it local-first

Project data is stored on-device so the Pi remains the main source of truth rather than a thin client for a remote SaaS backend.

Step 05

Present it clearly

The dashboard, alerts, and setup flows are designed to make network security legible to non-specialists without removing the detail technical users care about.

Why this matters

Many consumer tools show alerts but keep their reasoning, storage model, or tradeoffs vague. IoTSentinel is deliberately trying to stay legible: local-first where possible, explicit about cloud use when chosen, and open enough that a technical user can inspect the code path rather than trust branding alone.