Hunt for Linux rootkits, malware, and compromised hosts without agents.
Agentless Threat Hunting and Intrusion Detection for Linux
Sandfly is an agentless threat hunting and intrusion detection system for Linux. Sandfly gives instant protection for cloud-based or non-cloud Linux systems without the trouble of deploying agents. Sandfly can run on most Linux distributions without any modifications.
Sandfly investigates Linux systems for standard and stealth rootkits, malware, and other signs of compromise in seconds. Sandfly is able to investigate and hunt for threats on your Linux infrastructure thousands of times a day without impacting performance.
Sandfly fully automates the expertise of a forensic investigator for your Linux systems. Our methods provide thorough coverage to detect intrusions, even if attackers are employing stealth and active evasion tactics.
Sandfly is designed to investigate your hosts the way an experienced investigator would. Our investigation modules are not only fast, but also highly accurate. You can use Sandfly alerts immediately without any interpretation needed. Best of all, Sandfly won’t swamp your team with false alarms.