Sandfly 1.4.6 – Performance and Syslog Updates
Performance Updates
Sandfly 1.4.6 is released. This update adds significant performance increases to the backend, enabling faster handling of a large number of hosts.
Thanks to our agentless design, Sandfly was always able to scan a large number of systems quickly. However, the new changes have made the server much faster, especially for those looking to run a large number of manual scans against a large number of systems. Scheduled scanning performance is also increased along with these changes.
Syslog Auditing Updates
We also added the ability to send all Sandfly security sweeps, whether they passed or failed, to the syslog destination of your choice. This allows customers to use Sandfly not just to detect suspected compromised Linux systems, but also to keep full audit information of when hosts were checked and what they were checked for at all times. You can feed this syslog data into the log aggregation platform of your choice and use it as part of your auditing procedures.
UI Updates
The UI now has tabs to keep active and inactive hosts separate. If you have a large number of active hosts, you can quickly see them along with inactive hosts. We have also made other small updates to the UI to improve performance, especially on large numbers of monitored hosts.
Database Updates
We have updated the start scripts to use the latest Elasticsearch 6.4.2 build.
Upgrading
Customers can update their systems quickly by following the instructions on upgrading Sandfly in the documentation.