The Threat Map is your first indicator of a threat detected by Sandfly. Normally the Threat Map should always show green. However, if it shows red, then Sandfly detected a problem and you can use the UI to dig deeper into the situation.
The numbers at the top indicate how many alerts, errors and passed checks Sandfly has seen. Plus you can see how many licensed and active hosts are currently in the system.
The View button takes you directly to that result type. For instance, clicking on View in the Total Alerts box takes you directly to view those alerts.
The area below the top statistics is a heat map that shows threats detected mapped against the Mitre ATT&CK and Sandfly threat type. Normally this heatmap should be all green. Any red indicators mean one or more threats were seen. The brighter the color, the more of that particular threat type has been found.
The Threat Map keep rolling figures out to 72 hours. The time scale on the bottom shows how old a threat is. In the example below Sandfly has found very recent threats after having 72 hours of no activity seen.
Updated 2 months ago