Jump to Content

Home Documentation API Reference

Documentation

Home Documentation API Reference

All

Pages

Start typing to search…

Getting Started

Sandfly Agentless Security Overview
Theory of Operation
Sandfly Scaling Guide

Installation

Installation Overview
Installation Requirements
Protected System Requirements
Standard Security vs. Maximum Security Install
Cloud Image Install
- Server Install - Cloud Image - AWS
- Server Install - Cloud Image - DigitalOcean
Docker Image Install
Named Queues
Installing a Custom SSL Certificate

Quick Start

Quick Start Overview

User Interface

Login Screen
User Interface Overview
UTC/Local Time Display
Results Viewer
Sandfly Hunter
Hosts Management
Drift Detection
SSH Hunter
AI Analysis
- Adding Analysis
- Viewing Analysis
Reports
Scan
Schedules
Notifications
Jump Hosts
Host Credentials
Sandflies
Whitelisting
- Whitelisting a Sandfly
- Viewing and Deleting Whitelist Entries
Result Profiles
- Example: Drift Detection
Settings
Logs
- Audit Log
- Scan Error Log
Logging Out

Custom Sandflies

Custom Sandfly Operation
Custom Sandfly Creation
Custom Sandfly Options
Rule Construction
Expr Rules for Sandfly

Upgrading

Upgrading Sandfly

Administration

Special Case Server Configurations
Special Case Node Configurations
External Credential Provider Interface
Docker Management
Run Sandfly with Podman
Backup and Restore Guide
Log Level Change Guide
Maintenance Scripts
Hash Match Fields
Sandfly API
API Endpoint Role Security Matrix
Operational FAQ

Application Notes

Cisco IOS-XR
Cisco NX-OS
JunOS Evolved
Tailscale SSH
Elastic Connector

Appendix

Sandfly Forensic Keyword List

License - EULA

License - EULA

WTMP Log Data

Page Deprecated

As of Sandfly version 5.3.0, this page has been deprecated and its content moved into (U|W|B)TMP Log Data.

Updated 11 days ago

Sandfly Agentless Security Overview