Threat Map

The Threat Map is your first indicator of a threat detected by Sandfly. Under normal conditions the Threat Map shows green. If it shows red, Sandfly has detected a problem and you can use the UI to dig deeper into the situation.

Sandfly Dashboard Showing Alerts

Threat Map Stats

The numbers at the top indicate how many alerts, errors and passed checks Sandfly has seen. You can also see how many licensed and active hosts are currently in the system.

Sandfly Hero Screen

The View button takes you directly to that result type. For instance, clicking on View in the Total Alerts box takes you directly to view those alerts.

Threat Map View

The area below the top statistics is a heat map that shows detected threats mapped against MITRE ATT&CK and Sandfly threat types. Normally this heat map should be all green. Any red indicators mean one or more threats were seen. The brighter the color, the more of that particular threat type has been found.

The Threat Map keeps rolling figures out to 72 hours. The time scale at the bottom shows how old a threat is. In the example below, Sandfly has found very recent threats after 72 hours with no activity seen.

Sandfly Threat Map

