Although Sandfly is designed to work automatically to constantly scan for threats, you can also use it to do manual spot checks to make sure everything is OK. Also, you can use Sandfly for incident response by sending it to investigate groups of hosts for signs of compromise all at once.
To scan hosts manually, you will need to select hosts under the Hosts Tab, then select the Sandflies you want to run against the hosts. After you do this, you will select the Scan button and Sandfly will check the hosts and report back results you can view under the Results section.
The scan selection dialog will walk you through several steps. First, select the hosts you want scanned.
After you select the hosts you want to scan, you'll want to select what sandflies to run against them. You can select all sandflies, or just specific sandfly threat groups such as file, directory, process, log, and user sandflies.
Select the Finish button when you are done. The scan is sent to the nodes for processing.
Once submitted, your results will begin showing up in the results section or be visible on the dashboard.
Updated 2 months ago