Threat Map
The threat map is your first indicator of a threat detected by Sandfly. If data appears in red then Sandfly detected a problem. Use the UI to dig deeper into the situation.
Threat Stats
The boxes at the top indicate how many alerts, errors and passed checks Sandfly has seen. Plus you can see how many active hosts are recently seen in the system.
Clicking anywhere within each box drills you down into the resulting data. For instance, the Alerts box takes you to a filtered view of only alerts.
Security Zones Violations
A list of SSH Security Zones that are currently violated is shown in another section of the dashboard.
Up to 5 zones in violation will be displayed, with an indicator to go to the View Zones page if there are more than 5 (like on Host Alerts).
New SSH Keys
Further down the dashboard is a section showing new SSH keys that have been detected by Sandfly within the last 72 hours. The table shows the 5 most recent keys, however the "Plus x more ..." button can be used to display the full list.
The ability to see when new SSH Keys appear is a further aid in protecting your infrastructure from unexpected activities.
Updated 2 months ago