Activating and Deactivating Sandflies
You can deactivate a sandfly if you never want it run. This may be something you want to do if it is causing a false alarm in your environment and whitelisting the alert is not helping.
A sandfly can be deactivated if you never want it to run. This is a valid option if it is causing a false alarm in your environment and whitelisting the alert is not helping.
IMPORTANT: Deactivating vs. Whitelisting
Deactivating a sandfly in the master list disables that check for all systems. If there is a false alarm in only on one or a few hosts, consider whitelisting the alert instead. Whitelisting will mean that the sandfly is not run on the selected host(s) and not globally.
We have worked very hard to ensure false alarms do not happen, but if you have an unusual environment or configuration it is possible a Sandfly may deem it suspicious and alert. If this happens, try deactivating it by first double clicking its row in the Sandflies table in order to will open its Sandfly detail page. Then simply click on the Deactivate button. Use the Activate button to restore its availability.
As a reminder, deactivating the sandfly here shuts it off for all systems. If this is not desired, consider whitelisting the sandfly if it is only activating as a false alarm on a few systems.
Updated 4 months ago