GitHub: SyntaKing/sentinel-x

# 🛡️ Sentinel-X: Endpoint Detection & Response [EDR]

![Python](https://img.shields.io/badge/Python-3.8%2B-blue) ![FastAPI](https://img.shields.io/badge/FastAPI-0.100%2B-009688) ![Streamlit](https://img.shields.io/badge/Streamlit-1.25%2B-FF4B4B) ![SQLite](https://img.shields.io/badge/SQLite-Database-003B57)

**Sentinel-X** is a lightweight, distributed Endpoint Detection & Response [EDR] designed to provide real-time endpoint visibility and active threat mitigation. Built entirely in Python, it bridges the gap between local system auditing and centralized security operations.

## 📖 Table of Contents

- [Architecture & Tech Stack](#-architecture--tech-stack)
- [Core Features](#-core-features)
- [Installation & Setup](#-installation--setup)
- [Usage (Running the System)](#-usage-running-the-system)
- [Testing the System](#-testing-the-system)
- [Disclaimer](#-disclaimer)

## 🏗️ Architecture & Tech Stack

The system utilizes a decoupled Agent-Server-UI architecture, demonstrating enterprise-grade distributed system concepts.

* **Endpoint Agent (`psutil`, `watchdog`, `hashlib`):** A stealthy, user-space observer that continuously monitors file system modifications and process executions.
* **Central Command Server (FastAPI, SQLite):** A centralized REST API backend that ingests telemetry, cross-references hashes against a Threat Intelligence database, and queues remediation directives.
* **SOC Dashboard (Streamlit, Pandas):** An interactive Security Operations Center web interface for live telemetry visualization and active threat neutralization.

## ✨ Core Features

* **Real-Time Process Monitoring:** Captures new application executions, logging their Process IDs (PIDs) and binary paths.
* **File System Auditing:** Detects dropped payloads in monitored directories and extracts metadata (size, path, timestamp).
* **Forensic Cryptography:** Automatically calculates SHA-256 signatures for all intercepted files to verify payload integrity.
* **Signature Detection:** Instantly cross-references incoming endpoint telemetry against an internal malware intelligence feed.
* **Remote Threat Neutralization:** Analysts can utilize a web-based "Kill Switch" to forcefully terminate malicious processes over the network.

## ⚙️ Installation & Setup

### 1. Prerequisites

Ensure you have **Python 3.8+** installed on your system.

### 2. Clone the Repository

```bash
git clone https://github.com/yourusername/sentinel-x.git
cd sentinel-x
```
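The agent-to-server signature-detection path described above (the agent hashes a dropped file, the command server cross-references the SHA-256 against its threat-intel store and queues a kill directive for the reporting endpoint), written out as an added example that is not part of the Sentinel-X code. It assumes an in-memory dict in place of the SQLite intel table and an in-process queue in place of the REST API; the intel entry, endpoint id, PIDs and file contents are constructed sample values.

```python
import hashlib
import os
import tempfile
from collections import deque
CHUNK = 1 << 16  # 64 KiB: hash in chunks so a large dropped file is never fully in RAM

def sha256_file(path):
    """Agent side: stream the file through SHA-256 in constant memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def agent_report(server, endpoint_id, pid, path):
    """Agent side: build the telemetry record for a new file and hand it to the server."""
    event = {"endpoint": endpoint_id, "pid": pid, "path": path,
             "sha256": sha256_file(path), "size": os.path.getsize(path)}
    return server.ingest(event)

class CommandServer:
    def __init__(self, threat_intel):  # hypothetical stand-in for the SQLite intel table
        self.threat_intel = {k.lower(): v for k, v in threat_intel.items()}  # sha256 -> family
        self.directives = deque()  # remediation queue the agents poll

    def ingest(self, event):
        """Cross-reference the reported digest; on a hit queue a kill for that PID."""
        family = self.threat_intel.get(event["sha256"].lower())
        if family is None:
            return "clean"
        self.directives.append({"endpoint": event["endpoint"], "action": "kill",
                                "pid": event["pid"], "family": family})
        return "malicious:" + family

# Constructed sample: a harmless byte string stands in for a known-bad payload and
# its digest seeds the intel table, so the lookup can be exercised offline.
SAMPLE_BAD = b"constructed-sample-payload-not-real-malware\n"
SAMPLE_INTEL = {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Sample.TestFamily"}

def demo():
    """Report one matching and one benign file; return verdicts, directives, benign hash."""
    server = CommandServer(SAMPLE_INTEL)
    with tempfile.TemporaryDirectory() as d:
        bad, good = os.path.join(d, "dropped.bin"), os.path.join(d, "notes.txt")
        for p, data in ((bad, SAMPLE_BAD), (good, b"hello\n")):
            with open(p, "wb") as f:
                f.write(data)
        verdicts = [agent_report(server, "ep-01", 4242, bad), agent_report(server, "ep-01", 4243, good)]
        good_hash = sha256_file(good)
    return verdicts, list(server.directives), good_hash
```

Hashes are normalised to lowercase before lookup because intel feeds mix cases, and the server only ever queues a directive; it is the agent on the endpoint that acts on it, as in the Sentinel-X design.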