Sandfly 2.0 Released – Write Your Own Sandflies

Product Update

July 02, 2019
The Sandfly Security Team

Sandfly 2.0 is here. Sandfly 2.0 brings powerful new capabilities for agentless compromise detection and incident response for Linux. This includes our new feature to write your own agentless custom sandfly modules.

Widest Linux Security Coverage Available Anywhere

Unlike the previous version that required Python, Sandfly 2.0 needs nothing loaded on the remote endpoints to work. Sandfly just needs SSH access and can provide immediate agentless protection to your Linux fleet whether on-premises or cloud-based.

Sandfly can protect more Linux systems than ever. This includes legacy and embedded platforms that cannot run agent-based security products but still need critical security monitoring in place. No other product provides the Linux security coverage we do to actively hunt for intruders and compromised systems.

2-100 Times Faster

The new forensic engines are anywhere from 2-100 times faster than before. Sandfly has always been fast and lightweight, but now it’s even faster!

Over 500 Linux Compromise and Incident Response Checks

We have expanded our arsenal of security and incident response checks to over 500[Watch the video here]Sandfly has the most comprehensive rootkit and malware detection capabilities for Linux today. We find unknown and undetectable rootkits and malware that other products on Linux do not. We also do it without the reliability and compatibility problems agents often have.

alarm file attributes example

Sandfly has also expanded the kinds and types of forensic data we gather. We pull back more forensic data than ever with details to help your incident responders work fast and accurately.

alarm malicious cron example

Massive Performance Boost

The Sandfly architecture has seen a massive performance increase of over 50 times. You can protect thousands of Linux hosts with a very modest deployment and provide them all with instant agentless protection in minutes.

For customers looking to protect large networks, Sandfly can easily handle thousands of systems at a time and give you 24 hour protection. For incident response teams, Sandfly can be brought into a hot incident site and begin scanning immediately against a huge number of systems to find out what systems are compromised fast.

New Streamlined User Interface

We have a new streamlined UI that presents all data in a clean and easily understood way without undue clutter.

dashboard example

Write Your Own Sandflies!

The biggest news is we have a powerful industry-first feature: You can write your own agentless security and threat hunting checks!

You can now use a simple JSON syntax to write your own custom sandfly modules. You can write security checks, threat hunting modules, and even modules to look for site-specific policy issues on your own. We even provide the ability to clone the sandfly checks we have so you can modify them to your own needs. On top of this, we supply a library of templates to allow you to modify as well for reference.

custom process hash example

Try It Now

If you are an existing customer, your license makes the 2.0 update available to you automatically. Follow the upgrade procedure outlined in the documentation.

If you have been looking for a simple and comprehensive way to protect your Linux fleet, without the hassle and reliability problem of loading agents, why not try Sandfly for free today?

Let Sandfly keep your Linux systems secure.

Learn More