Sandfly Security
Hosts Management

Before Sandfly can start protecting your systems, they must be added under Hosts Management. This section covers how to add, view, and delete the hosts you want monitored.

Updated 9 months ago


What’s Next
  • Jump Hosts
  • Adding Hosts
  • Viewing Hosts
  • Updating Hosts
  • Deleting Hosts