Scan
Scanning Hosts Manually
Although Sandfly is designed to work automatically to constantly scan for threats, you can also use it to do manual spot checks to make sure everything is OK. Also, you can use Sandfly for incident response by sending it to investigate groups of hosts for signs of compromise all at once.
To scan hosts manually from the Create New Scan form, hosts and the Sandflies that you want to run against the hosts will need to be selected. Once the form is submitted Sandfly will check the selected hosts and report back results, which can be viewed under the Results section.
Selecting Hosts to Scan
The new scan form will walk you through two steps. For step 1, select one or more active hosts.
Select Sandfly Modules to Use
After selecting which hosts to scan, you will need to pick which sandflies to run against them for step 2. Here select one or more sandflies or a specific sandfly threat group, such as file, directory, process, log, or user sandflies.
Finish
Change the default priority if necessary, otherwise click on the Finish button. The manual scan will be added into the task queue and then sent on to the appropriate nodes for processing.
Once processed, the results will begin showing up in the Results section or on the dashboard.
Updated 4 months ago