A beginner-friendly SOC Analyst / Blue Team project that monitors files for unauthorized changes using SHA-256 hashing.
- File integrity monitoring
- Hashing with SHA-256
- Blue Team detection logic
- Incident response documentation
- Python scripting
- Change detection
file_integrity_monitor.py- Main Python scriptwatch_folder/- Folder being monitoredbaseline.json- Created automatically after first scanreports/integrity_report.txt- Report created after scanrequirements.txt- Python requirements
- The tool scans files inside
watch_folder - It creates a baseline hash for each file
- On the next scan, it compares current hashes to the saved baseline
- It alerts if a file was modified, deleted, or newly added
python file_integrity_monitor.py --baselinepython file_integrity_monitor.py --scanALERT: File modified: watch_folder/important_config.txt
ALERT: New file detected: watch_folder/suspicious_file.txt
ALERT: File deleted: watch_folder/password_policy.txt
File integrity monitoring is important in cybersecurity because attackers often modify system files, scripts, web pages, or configuration files after gaining access. SOC Analysts and Blue Team defenders use integrity monitoring to detect unauthorized changes quickly.