Flexible licensing to meet your business needs
Get Started
Get started for free. Agentless security on up to 500 hosts. No credit card required.
Learn MoreComplex Requirements?
We’ll ensure that your network has the best possible protection from day one.
Talk with an expertStarter
Perfect for small deployments and trialing the product.
- 12 Months Free License
- Up to 3 simultaneous alerts
- 1 email notification
- 24 hours of data retention
- 1 automated test schedule
- 5 user accounts
Standard
Good for most businesses with basic Linux protection needs.
- Unlimited simultaneous alerts
- Custom Sandfly Modules
- Sandfly Threat Hunter
- Automated Response
- Unlimited user accounts
- Unlimited email and syslog notifications
- 72 hours of data retention
- Unlimited schedules
Enterprise
Best for large organizations that need advanced security features.
- Tailored Host Package
- All Business Features
- SOAR Tool Ad Hoc Scanning
- Elasticsearch Intergration
- Splunk Integration
- Enterprise Support
Compare License Features
| Starter | Standard | Enterprise | |
|---|---|---|---|
| Hosts | 500 | 20 hosts included | 20 hosts included |
| Max Hosts | 500 | 500 | Unlimited |
| Alerts | 3 | Unlimited | Unlimited |
| Email Notifications | 1 | Unlimited | Unlimited |
| Syslog Notifications | 0 | Unlimited | Unlimited |
| Data Retention | 24 hours | 72 hours | 72 hours |
| Schedules | 1 | Unlimited | Unlimited |
| Jump Hosts | Unlimited | Unlimited | Unlimited |
| Named Queues | Unlimited | Unlimited | Unlimited |
| Custom Sandflies | |||
| Auto Response | |||
| Standard Support | |||
| Replication | |||
| Splunk | |||
| Ad Hoc Scan | |||
| Enterprise Support |
Frequently Asked Questions
Sandfly only requires that your Linux host be running SSH. Sandfly has been tested against the following Linux distributions:
- CentOS
- RedHat
- Ubuntu
- Fedora
- Debian
- Suse
- Arch
- CoreOS
- Amazon Linux Images
- Digital Ocean Linux Images
- Raspberry Pi and other embedded systems
Sandfly will work against most Linux variants including embedded versions. It works on Linux versions running Intel, AMD, Arm or MIPS CPUs without any special modifications.
No. Sandfly is completely self-contained. It sends no data back to us, and does not ship potentially confidential data from your systems off-site for analysis. Sandfly is designed to work on networks that are on the Internet, or those that are air-gapped. Nothing leaves the system to a third-party during operation. Although we may offer off-site analysis features in the future, we also recognize that many organizations have spent tremendous amounts of money to secure their data and do not want it sent out to third-party services they do not control. Sandfly was designed to work in isolation without any need to communicate externally.
Sandfly is fully Dockerized. You need two systems capable of running Docker with these minimum requirements:
- A Server with 8GB or more of RAM running Linux depending on your install size. This computer runs the REST API and Elasticsearch database.
- A Node with 2GB of RAM running Linux. A Node system actually runs multiple node containers for performance and redundancy. You can spin up a large number of node containers to handle very large installations without any trouble. Each node can scan 500 systems at a time so you can cover thousands of hosts very easily.
Once installed, you add the hosts you want protected and that’s it. You don’t have to touch any of the remote hosts.
Yes. Sandfly was developed largely on cloud infrastructure and works immediately at places like Digital Ocean, Linode, Amazon AWS, etc. But in reality, Sandfly doesn’t care where your Linux hosts are located. As long as they allow SSH access then Sandfly can protect them immediately. Whether it’s in the cloud, your own network, or any other configuration, Sandfly will work.