Sandfly Security

Sandfly Security Documentation

Welcome to the Sandfly Security documentation hub. Sandfly is an agentless compromise and intrusion detection system for Linux.

Sandfly automates security investigation and forensic evidence collection on Linux. Sandfly searches your network for intruders 24 hours a day without needing to load any agents on your endpoints.

Sandfly Agentless Linux Security Overview

Securing your Linux systems with Sandfly is simple. Follow this guide.

Sandfly is an agentless intrusion detection and incident response platform for Linux. Sandfly automates searching for hackers, malware, and suspicious activity on your Linux systems 24 hours a day. It features an extensive list of security checks to spot compromises and intrusions on Linux along with expert-level forensic evidence gathering to support incident response.

Sandfly provides all of this without loading any software on your Linux endpoints, which makes it easy to deploy and reliable.

This guide will take you through setup and operation of Sandfly.

Updated 4 months ago
