The status graph shows information about what Sandfly has done in terms of scans against your systems. The graph shows passed events (no alarms), alerts and errors.
Passed events normally greatly outstrip alerts and errors. As a result they are presented as log scale where alerts and errors are normal scale.
Alerts are shown with a counter to quickly see how many were found. Passed event totals can be seen by taking your mouse over the peaks and valleys.
Why is the Status Graph Lumpy?
Sandlfy has a unique randomized scheduler to hunt for threats. This random feature not only lowers impact on your hosts, but provides evasion resistance and unpredictability against attackers trying to hide from Sandfly.
As a result of this random schedule, the Status Graph will appear lumpy as Sandfly shows up and disappears on hosts during and after audits.
Updated 2 months ago