General Settings
Located under Settings > Application Settings, General Settings enables configuration of the core settings for the Sandfly server and scanning binary.

The Edit button opens an associated form. Details for the configurable fields in each form are described below:
Server and Data Retention Form
- Server Hostname - The hostname or IP address that users use to access the server. This field may not be "localhost" or "127.0.0.1"; it must be the FQDN or IP address that is accessible from your network. If using Let's Encrypt or another ACME service for the HTTPS certificate, this is the hostname that will be requested on the certificate. If using SSO, this is the hostname that will be used for the login redirect URL.
- Server Log Level - Change the log level for the server log output. Takes effect immediately when saving changes. If the log level is set by an environment variable, it will override this setting and this configured value will have no effect until the server is restarted without the override environment variable.
- Data Retention (days) - Change the number of days that Sandfly will retain results data, audit logs, and error logs on the Sandfly server. The field's help text reflects the highest possible value that can be set based on your license. This setting has no effect on replicated data. Retention will affect your storage requirements. Monitor storage usage and adjust capacity accordingly, as requirements will vary based on the number of hosts scanned and the types of Sandflies selected.
- Pass Data Retention (days) - Change the number of days that Sandfly will retain "pass" results data on the Sandfly server. The field's help text reflects the highest possible value that can be set based on your license. If "pass" results are not required to be retained locally alongside the full set of alert and error results, a value lower than the base retention period will help reduce the size of the Sandfly database.
- Shared URL Retention (days) - Change the number of days that Sandfly will retain shared URL data on the Sandfly server.
- Maintenance Hour (UTC) - Set the hour (UTC) for the daily database maintenance to run. While maintenance is in progress, new schedule runs will be paused, though existing tasks, including existing trickle runs, will continue. During this period, a callout box will be displayed on the Task Queues page, and you can find maintenance activity with timings by searching the logs for "nightly maintenance."
Session Timeout Form
- Access Token Timeout (minutes) - Length of time the API access token is valid before requiring a refresh.
- Refresh Token Timeout (minutes) - Length of time the API refresh token is valid before requiring a new login.
- UI Session Idle Timeout (minutes) - Length of time a UI session may be idle before being logged out.
- UI Session Expiration (minutes) - Maximum length of time a UI session may be active before requiring a new login.
IMPORTANT: Saving Changes Immediately Invalidates All Sessions
Saving any changed values will immediately invalidate all existing login tokens/sessions. Users will be sent to the login screen and active API connections will be disconnected and will need to re-authenticate.
Scanning Binary Form
- Agent Binary Names - When running a scan on a host, the Sandfly binary, process name, and associated .pid file will be a random choice from this comma-separated list. Names must only contain letters, numbers, dashes, and underscores. This feature provides further evasion resistance against being bypassed during normal scans. It also gives additional protection for incident response teams wishing to keep a low profile during their investigations.
- Agent Reverse DNS Lookup - Instructs all nodes on whether to perform a reverse DNS lookup on IP addresses that are contained within some network-related results. The hostname of successful reverse lookups will appear in the hostname_local and hostname_remote fields within the result data, which can then be used in custom rules.
- Home Directory Base Paths - Comma-separated list of directories to search for inferred user home directories during scans. Usernames in /etc/passwd always take precedence over any “found” home directory names. With this feature, if the same inferred username is found in more than one base path, the result is non-deterministic across scan runs.
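Before adding base paths, it helps to know which inferred usernames would collide on a given host. The following is an added example, not Sandfly code: it assumes an inferred username is the name of a directory directly under a base path, and the function names and the `root` parameter are hypothetical.

```python
import os
import tempfile
from collections import defaultdict

def parse_base_paths(setting):
    """Split the comma-separated setting value into normalized, unique paths."""
    paths = [p.strip().rstrip("/") or "/" for p in setting.split(",") if p.strip()]
    return list(dict.fromkeys(paths))  # drop repeats, keep order

def passwd_users(passwd_text):
    """Map username -> home directory from /etc/passwd content."""
    users = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            users[fields[0]] = fields[5]
    return users

def audit_base_paths(setting, passwd_text, root="/"):
    """Return (ambiguous, shadowed) for a Home Directory Base Paths value.

    ambiguous: inferred names found under more than one base path
    shadowed:  inferred names that also exist in /etc/passwd, which wins
    Assumption: an inferred username is a directory directly under a base
    path. `root` lets the check run against a mounted image or a test tree.
    """
    known = passwd_users(passwd_text)
    found = defaultdict(list)
    for base in parse_base_paths(setting):
        real = os.path.join(root, base.lstrip("/"))
        if not os.path.isdir(real):
            continue  # base path absent on this host
        for entry in os.scandir(real):
            if entry.is_dir(follow_symlinks=False):
                found[entry.name].append(base)
    shadowed = {u: known[u] for u in found if u in known}
    # Names in /etc/passwd are excluded: the passwd entry takes precedence.
    ambiguous = {u: sorted(b) for u, b in found.items()
                 if len(b) > 1 and u not in known}
    return ambiguous, shadowed

if __name__ == "__main__":
    # Constructed sample tree: two base paths that both contain "deploy".
    with tempfile.TemporaryDirectory() as root:
        for d in ("home/alice", "home/deploy", "data/home/deploy", "data/home/svc"):
            os.makedirs(os.path.join(root, d))
        passwd = "alice:x:1000:1000::/home/alice:/bin/bash\n"
        print(audit_base_paths("/home, /data/home", passwd, root=root))
```

Any name reported as ambiguous is one whose inferred home directory may differ between scan runs, so custom rules should not key on it.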
Server HTTPS Certificate (TLS) Form
- User TLS Certificate Active - This is a read-only, informational value displayed on the page and is not editable in the form. If enabled, the user has provided their own certificate and key to the server, so the settings in this section will not apply (until the server admin removes the certificate from the server settings and restarts the server, at which time the configuration options in this section take effect).
- TLS Mode - The Self-Signed option instructs the Sandfly server to generate its own certificate for HTTPS. With this mode, users will need to click through the browser's security warning page to access the server, and the Sandfly nodes will need to be configured to ignore certificate validation. The ACME option uses an ACME service such as Let's Encrypt to automatically retrieve a server certificate. Sandfly will use the configured "Server Hostname" setting and the TLS-ALPN-01 challenge, which requires that the Sandfly server be accessible on port 443 to the ACME provider.
- ACME Email (Required if the TLS Mode is set to ACME) - Email address to provide to the ACME certificate service. Setting TLS mode to ACME and providing an email address indicates acceptance of the ACME provider's terms of service.
- ACME Directory URL (Required if the TLS Mode is set to ACME) - Directory service URL of the ACME provider to use. Defaults to Let's Encrypt (https://acme-v02.api.letsencrypt.org/directory). Leaving this field empty will automatically reset the value to the default.
INFO: TLS Modifications Require a Sandfly Server Restart
A manual restart of the Sandfly server is required for any TLS changes to take effect. Please plan accordingly.