1) Monitor CPU, Disk, Memory & Network in a PC using Psutil.
2) Monitor a few directories for any new files. Upload new files to Falcon sandbox to be analysed for malware (the sandbox is hybrid-analysis by Falcon Security, and their API connector is called vxAPI). Scripts and info can be shared for this.
3) If the values checked in step 1 exceed a certain threshold, or jump by a high percentage, send an email alert (Gmail) containing the details from step 1 to notify the admin.
4) If any file scan returns a result stating that a certain file is malicious, repeat step 3, but also include details of the malicious file detected.
5) Design simple email that visualizes alert information nicely, such as:
- Hostname & IP of affected host
- simple bar chart (using Plotly) showing a 'snapshot' of system resource activity at the time of alert
- details of malicious file detected
- most recent running processes (see [login to view URL]) in a nice and attractive way
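The five steps above form one pipeline, so here is a single worked skeleton that ties them together. This is an added example, not code from the posting or from the client: it uses the real psutil library for step 1 and step 5's process list, implements the directory watch of step 2 as a snapshot diff, evaluates thresholds for step 3, and assembles the alert email of steps 4 and 5. The hybrid-analysis/vxAPI upload is only a labelled placeholder because the page gives no call details; the Plotly chart and the actual SMTP send are left to the call site. The names `THRESHOLDS`, `collect_metrics`, `evaluate_thresholds`, `find_new_files`, `submit_to_sandbox`, `recent_processes` and `build_alert_email`, and the threshold values, are assumptions.

```python
"""Added monitoring skeleton (not the posting's own code). psutil is the real
library; the sandbox upload is a placeholder and the threshold values are
assumed."""
import os
import socket
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

try:
    import psutil  # real library; only needed for the live-collection functions
except ImportError:  # keeps the pure logic importable where psutil is absent
    psutil = None

# Assumed thresholds in percent; tune per host.
THRESHOLDS = {"cpu_percent": 85.0, "memory_percent": 90.0, "disk_percent": 90.0}


def collect_metrics(disk_path="/"):
    """Step 1: snapshot CPU, memory, disk and network counters with psutil."""
    if psutil is None:
        raise RuntimeError("psutil is required to collect live metrics")
    net = psutil.net_io_counters()
    return {
        "cpu_percent": psutil.cpu_percent(interval=1),
        "memory_percent": psutil.virtual_memory().percent,
        "disk_percent": psutil.disk_usage(disk_path).percent,
        "bytes_sent": net.bytes_sent,
        "bytes_recv": net.bytes_recv,
    }


def evaluate_thresholds(metrics, thresholds=THRESHOLDS):
    """Step 3: return {name: (value, limit)} for every metric over its limit."""
    return {k: (metrics[k], lim) for k, lim in thresholds.items()
            if k in metrics and metrics[k] > lim}


def find_new_files(directories, seen):
    """Step 2: return paths not yet in `seen` and add them to it.
    The first call seeds `seen`, so pre-existing files are not reported."""
    new = []
    for d in directories:
        for root, _dirs, files in os.walk(d):
            for name in files:
                path = os.path.join(root, name)
                if path not in seen:
                    seen.add(path)
                    new.append(path)
    return new


def submit_to_sandbox(path):
    """Step 2 hook (placeholder): the page names hybrid-analysis/vxAPI but
    gives no API details, so this only records what would be submitted."""
    return {"path": path, "status": "queued (placeholder, not submitted)"}


def recent_processes(limit=5):
    """Step 5: most recently started processes as 'name (pid)', newest first."""
    if psutil is None:
        raise RuntimeError("psutil is required to list processes")
    procs = [p.info for p in psutil.process_iter(["pid", "name", "create_time"])
             if p.info["create_time"] is not None]
    procs.sort(key=lambda i: i["create_time"], reverse=True)
    return [f"{i['name']} (pid {i['pid']})" for i in procs[:limit]]


def build_alert_email(sender, recipient, breaches, malicious=(), top_processes=()):
    """Steps 4-5: assemble a plain-text alert with host/IP, threshold breaches,
    malicious files and recent processes. Send it with smtplib at the call site."""
    host = socket.gethostname()
    try:
        ip = socket.gethostbyname(host)
    except OSError:
        ip = "unknown"
    lines = [f"Host: {host} ({ip})", "", "Resource thresholds exceeded:"]
    lines += [f"  {k}: {v:.1f}% (limit {lim:.1f}%)" for k, (v, lim) in breaches.items()]
    if malicious:
        lines += ["", "Malicious files reported by sandbox:"]
        lines += [f"  {p}" for p in malicious]
    if top_processes:
        lines += ["", "Recent processes:"]
        lines += [f"  {p}" for p in top_processes]
    msg = MIMEMultipart()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[ALERT] {host}: {len(breaches)} threshold(s) exceeded"
    msg.attach(MIMEText("\n".join(lines), "plain"))
    return msg


if __name__ == "__main__":
    # One polling round; wrap in a loop with sleep for continuous monitoring.
    seen_files = set()
    find_new_files(["/tmp"], seen_files)  # assumed watch directory; seeds `seen`
    breaches = evaluate_thresholds(collect_metrics())
    if breaches:
        print(build_alert_email("monitor@example.com", "admin@example.com",
                                breaches, top_processes=recent_processes()))
```

The threshold check and the directory diff are kept free of psutil so they can be unit-tested on constructed input; a "high percentage jump" check (step 3's second condition) would compare two successive `collect_metrics()` snapshots in the same way.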