Get Sandfly

Agentless Linux

intrusion detection

Secured in seconds.

Get instant protection across all Linux systems from modern to legacy and even embedded devices.

Watch the Video

Comprehensive Linux Protection

Trusted on Critical Infrastructure


Sandfly is an agentless, instantly deployable, and safe Linux Endpoint Detection and Response (EDR) platform. Sandfly protects virtually any Linux system, from modern cloud deployments to decade-old devices, regardless of distribution or CPU architecture. And, we do it without loading agents on your endpoints that can cause performance and stability impacts.

Besides traditional EDR capabilities, Sandfly also tracks SSH credentials, audits for weak passwords, detects unauthorized changes with drift detection, and allows custom modules to help incident responders find emerging threats. We do all of this with the utmost compatibility, performance, and safety on Linux.