PythonHostIDS
PythonHostIDS is a lightweight host-based IDS that focuses on file activity visibility and quick incident notification.
What it does
- Monitors a target directory using Linux inotify events.
- Collects access/modification event metadata in real time.
- Generates CSV reports from captured events.
- Sends alert emails with report attachments via SendGrid.
How it is built
- Uses a custom pyinotify event processor that pushes event records to a queue.
- Main loop drains events, builds pandas DataFrames, and persists timestamped reports.
- sendmail.py encapsulates SendGrid API handling and attachment delivery.
- CLI arguments configure watch path, report output path, sender, and recipient list.
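The event-to-report path described above, as an added example that is not PythonHostIDS's own code: a pyinotify handler queues each event, and the drain and report steps of a main loop turn the queue into a timestamped CSV. The class and function names, the record fields and the sample path are assumptions, and the stdlib csv module stands in for pandas.

```python
import csv
import queue
import tempfile
import time
from pathlib import Path
from types import SimpleNamespace

try:
    import pyinotify                      # Linux-only; its Notifier delivers real events
    _Base = pyinotify.ProcessEvent
except ImportError:                       # record/report logic still runs without it
    _Base = object

class QueueingHandler(_Base):
    """Turns each inotify event into a dict and pushes it onto a queue."""
    def __init__(self, events):
        super().__init__()
        self.events = events
    def process_default(self, event):     # used when no process_IN_* method is defined
        self.events.put({"timestamp": time.strftime("%Y-%m-%dT%H:%M:%S"),
                         "event": event.maskname, "path": event.pathname,
                         "is_dir": event.dir})

def drain(events):
    """Empty the queue without blocking; records stay in arrival order."""
    records = []
    try:
        while True:
            records.append(events.get_nowait())
    except queue.Empty:
        return records

def write_report(records, out_dir):
    """Persist one timestamped CSV; return its path, or None if nothing was seen."""
    if not records:
        return None                       # no empty report, so no empty alert
    out = Path(out_dir) / time.strftime("report_%Y%m%d_%H%M%S.csv")
    with out.open("w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=list(records[0]))
        writer.writeheader()
        writer.writerows(records)
    return out

def demo():
    """Run two constructed events (not captured data) through the pipeline."""
    handler = QueueingHandler(queue.Queue())
    for mask in ("IN_ACCESS", "IN_MODIFY"):
        handler.process_default(SimpleNamespace(
            maskname=mask, pathname="/srv/watched/app.conf", dir=False))
    return write_report(drain(handler.events), tempfile.mkdtemp())
```

With pyinotify installed, the same handler is passed to `pyinotify.Notifier(wm, QueueingHandler(q))` after `wm.add_watch(path, pyinotify.IN_ACCESS | pyinotify.IN_MODIFY)`.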
Tech stack
Python, pyinotify, pandas, SendGrid API.