1) Monitor system resource activity on a PC (CPU, disk, memory and network) using psutil.
2) Monitor a few directories for any new files. Upload new files to the Falcon sandbox to be analysed for malware (the sandbox is hybrid-analysis by Falcon Security, and their API connector is called vxAPI).
3) If the values taken in step 1 exceed a certain threshold, or rise by a high percentage, send an email alert (Gmail) containing a snapshot of the system activity to notify the admin.
4) If any file scan returns results stating that a certain file is malicious, repeat step 3, but also include details of the malicious file detected.
5) Design a simple email template that visualizes information nicely, such as:
- Hostname & IP of affected host
- time of alert
- bar chart (Plotly) showing a 'snapshot' of system resource activity at the time of alert
- details of malicious file detected
- most recent running processes (see [login to view URL]) in a nice and attractive way
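
A sketch of the threshold check and alert assembly from steps 1 and 3-5, added here as an example and not part of the original brief. The limits, the reading of "a high percentage" as a relative rise between two samples, and the `file_details` keys are assumptions; network rates, the Plotly chart, the vxAPI upload and the Gmail send are left out.

```python
import socket
from datetime import datetime, timezone
from email.message import EmailMessage

# Assumed limits in percent; the brief leaves the actual values open.
THRESHOLDS = {"cpu": 90.0, "memory": 85.0, "disk": 90.0}
SPIKE_PCT = 50.0  # assumed: relative rise between two samples that counts as "high"

def take_snapshot():
    """Step 1: read current usage (psutil is third-party, imported lazily)."""
    import psutil
    return {"cpu": psutil.cpu_percent(interval=1),
            "memory": psutil.virtual_memory().percent,
            "disk": psutil.disk_usage("/").percent}

def breaches(prev, curr):
    """Step 3: return {metric: reason} for values over a limit or that spiked."""
    found = {}
    for metric, value in curr.items():
        limit = THRESHOLDS.get(metric)
        before = (prev or {}).get(metric)
        if limit is not None and value > limit:
            found[metric] = f"{value:.1f}% exceeds threshold {limit:.1f}%"
        elif before and (value - before) / before * 100 >= SPIKE_PCT:
            found[metric] = f"rose from {before:.1f}% to {value:.1f}%"
    return found

def build_alert(curr, reasons, sender, admin, file_details=None):
    """Steps 3-5: compose the alert; file_details is a dict from the scan step."""
    host = socket.gethostname()
    try:
        ip = socket.gethostbyname(host)
    except OSError:
        ip = "unknown"
    lines = [f"Host: {host} ({ip})",
             f"Time: {datetime.now(timezone.utc).isoformat(timespec='seconds')}", ""]
    lines += [f"{m}: {v:.1f}%" for m, v in sorted(curr.items())]
    lines += [""] + [f"ALERT {m}: {r}" for m, r in sorted(reasons.items())]
    if file_details:  # step 4: file data goes in the body, never in headers
        lines += ["", "Malicious file detected:"]
        lines += [f"  {k}: {v}" for k, v in file_details.items()]
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, admin
    msg["Subject"] = (f"[ALERT] {host}: {len(reasons)} metric(s), "
                      f"{'malware found' if file_details else 'no malware'}")
    msg.set_content("\n".join(lines))
    return msg
```

Keeping the scanned file's name and verdict out of the headers means an attacker-chosen filename cannot alter the subject line or recipients of the alert.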