Agentless Linux Security

Agentless Intrusion Detection and Threat Hunting for Linux


Sandfly is an agentless threat hunting and compromise detection system for Linux. Sandfly gives instant protection for cloud or non-cloud based Linux systems without the trouble of deploying agents. Sandfly can run on all Linux distributions without any modifications.


Sandfly investigates Linux systems for standard and stealth rootkits, malware, and other signs of compromise in seconds. Sandfly is able to investigate and hunt for threats on your Linux infrastructure thousands of times a day without impacting performance.


Sandfly fully automates the expertise of a forensic investigator for your Linux systems. Our methods provide thorough coverage to detect intrusions, even if attackers are employing stealth and active evasion tactics.


Sandfly is designed to investigate your hosts the way an experienced investigator would. Our investigation modules are not only fast, but also highly accurate. Sandfly won’t swamp your team with false alarms. You can spend more time chasing actual threats instead of ghosts.

Secure 5 Hosts for Free.


Sandfly is a quiet sentinel for your Linux network.
Sandfly is always vigilant.

Sandfly was designed from the ground up to detect compromised Linux hosts. Sandfly searches for signs of compromise on your Linux systems and provides fast and detailed alerts to any problems. If attackers have evaded multiple layers of your security, Sandfly provides a backstop to ensure intruders can’t get comfortable on your network and spread further without being seen.

  • Agentless security for rapid deployment on Linux.

  • Searches for signs of compromise on Linux that evaded your other security layers.

  • Searches 24 hours a day for Linux intrusions without any operator action.

  • Built to be a security product for Linux from the ground up.

Read About Sandfly's Features

Latest news