Server Configuration
The Server Configuration page contains the core settings for the Sandfly server. To open it, expand the Settings option in the sidebar and select Server Configuration.

Server Configuration Page
The various server settings can be accessed by changing to any of the following tabs:
- General - Includes the following core options:
  - Data Retention (days) - Change the number of days that Sandfly will retain results data, audit logs, and error logs on the Sandfly server. The field's help text reflects the highest possible value that can be set based on your license. This setting has no effect on replicated data. Retention affects your storage requirements, so be certain to monitor and adjust space in proportion to the number of hosts scanned and the percentage and types of Sandflies selected.
  - Pass Data Retention (days) - Change the number of days that Sandfly will retain "pass" results data on the Sandfly server. The field's help text reflects the highest possible value that can be set based on your license. If "pass" results do not need to be maintained locally alongside the full set of alert and error results, a setting lower than the base retention period will help reduce the size of the Sandfly database.
  - Shared URL Retention (days) - Change the number of days that Sandfly will retain shared URL data on the Sandfly server.
  - Agent Reverse DNS Lookup - Controls whether all nodes perform a reverse DNS lookup on IP addresses contained in some network-related results. The hostname from a successful reverse lookup appears in the "hostname_local" and "hostname_remote" fields of the result data, which can then be used in custom rules.
  - Maintenance Hour (UTC) - Set the hour (UTC) at which the daily database maintenance runs. While maintenance is in progress, new schedule runs are paused, though existing tasks, including existing trickle runs, continue. During this period, a callout box is displayed on the Task Queues page, and you can find maintenance activity with timings by searching the logs for "nightly maintenance".
  - Agent Binary Names - When running a scan on a host, the Sandfly binary, process name, and associated .pid file will be a random choice from this comma-separated list. Names may contain only letters, numbers, dashes, and underscores. This feature provides additional resistance to evasion, making normal scans harder to bypass. It also gives additional protection for incident response teams wishing to keep a low profile during their investigations.
- AI Configuration - Provides the ability to set up and use an LLM to analyze Sandfly results.
  - See AI Configuration for complete configuration details.
- SSO Configuration - Sandfly supports single sign-on (SSO) using SAMLv2.
  - See SSO Configuration for complete configuration details.
- Elasticsearch Replication - Sandfly results are replicated to the defined Elasticsearch database.
  - See Elasticsearch Replication for complete configuration details.
- Postgres Replication - Sandfly results are replicated to the defined PostgreSQL database.
  - See Postgres Replication for complete configuration details.
- Sentinel Replication - Sandfly results are replicated to the defined Sentinel database.
  - See Sentinel Replication for complete configuration details.
INFO: Upgrade Features - Replication and SSO
The ability to configure and use replication or single sign-on requires an upgraded plan. Please see https://www.sandflysecurity.com/get-sandfly/ for details.