# ThreatSentry

Repo: <https://github.com/GL1T0H/ThreatSentry>

A PowerShell tool for threat hunters that collects and analyzes system information, including architecture, IP addresses, processes, security events, and more. Output is saved in JSON format, and a basic summary is sent to Telegram.

### Features

* Collects system details (architecture, IP, users, version, network connections, processes, scheduled tasks, DNS queries, startup programs, etc.).
* Analyzes security events for specified Event IDs.
* Sends basic report to Telegram with file paths.
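As an added illustration of the collection and Event ID analysis described above (example code, not ThreatSentry's own script), the snippet below gathers a subset of the same inventory, filters the Security log for a list of Event IDs, and writes the result as JSON. The default Event IDs, the output directory and the `-MaxEvents` limit are assumptions; it must run in an elevated PowerShell session to read the Security log.

```powershell
# Added example, not the project's code. Assumed defaults: logon (4624),
# special-privilege logon (4672) and process creation (4688) events.
param(
    [int[]]  $EventIds = @(4624, 4672, 4688),
    [string] $OutDir   = "$env:TEMP\ThreatSentry-example"
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Ordered hashtable so the JSON keys come out in a stable order.
$report = [ordered]@{
    Hostname     = $env:COMPUTERNAME
    Architecture = $env:PROCESSOR_ARCHITECTURE
    Collected    = (Get-Date).ToString('o')
    IPAddresses  = @(Get-NetIPAddress -AddressFamily IPv4 |
                     Where-Object { $_.IPAddress -ne '127.0.0.1' } |
                     Select-Object InterfaceAlias, IPAddress)
    Processes    = @(Get-Process | Select-Object Id, ProcessName, Path)
    Connections  = @(Get-NetTCPConnection -State Established |
                     Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess)
    StartupItems = @(Get-CimInstance Win32_StartupCommand |
                     Select-Object Name, Command, Location, User)
}

# Filter on the server side with a hashtable instead of Where-Object; the
# Security log requires administrator rights, and Get-WinEvent raises an
# error when nothing matches, so both cases are caught and recorded.
try {
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $EventIds } `
                           -MaxEvents 500 -ErrorAction Stop
    $report.SecurityEvents = @($events | Select-Object TimeCreated, Id, ProviderName,
        @{ n = 'Summary'; e = { ($_.Message -split "`n")[0].Trim() } })
    # Per-ID counts give a quick triage view before opening the full list.
    $report.EventCounts = @($events | Group-Object Id |
        ForEach-Object { [ordered]@{ Id = [int]$_.Name; Count = $_.Count } })
} catch {
    $report.SecurityEvents     = @()
    $report.SecurityEventError = $_.Exception.Message
}

$outFile = Join-Path $OutDir "report-$(Get-Date -Format yyyyMMdd-HHmmss).json"
$report | ConvertTo-Json -Depth 4 | Set-Content -Path $outFile -Encoding UTF8
Write-Host "Report written to $outFile"
```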

### Requirements

* Windows OS
* PowerShell 5.1 or higher
* Administrator privileges
* Telegram Bot Token and Chat ID

### Installation

1. Clone the repository:

   ```shell
   git clone https://github.com/GL1T0H/ThreatSentry.git
   ```

### Usage

1. Run the script as an administrator:

   ```powershell
   .\ThreatSentry.ps1 -Telegram $true
   ```
