Sandfly 3.1 Released - Secure Linux Faster Than Ever

Product Update

December 16, 2021
The Sandfly Security Team

Sandfly 3.1 offers major performance enhancements while reducing the resources needed to protect your Linux systems.

Sandfly Fights CronRAT

We have added in new checks for malware tactics used in CronRAT Linux malware and more. We could find this type of malware already, but have added new hunting modules for suspicious cron command entries to make detection even more complete.

75% Less RAM Needed

Our server uses a new PostgreSQL database and this has resulted in dramatically lower RAM requirements while providing a big boost in performance. This new version uses 75% less RAM vs. previous. Many customers can install Sandfly's server on inexpensive cloud instances to protect their Linux systems without sacrificing any performance.

Easily Export Events to Elasticsearch & Splunk

While Splunk users can still use our certified Splunkbase app to send all Sandfly events directly to Splunk, we’ve made Elasticsearch event export easier by including it in the UI. Simply put in your cluster's URL and authentication information to ingest Sandfly events directly into your Elasticsearch instance.

Adding Elasticsearch URL

Improved Syslog Event Output for Graylog and Other SIEM Tools

For customers using Sandfly to send syslog output, we have improved the formatting in the result data. Syslog enabled SIEM products such as Graylog and QRadar now receive more detailed information directly from Sandfly events.

Graylog Sandfly Syslog Results

Faster Filtering and Host Views

Sandfly gives in-depth information about what Linux systems are running without loading any agents on your endpoints. Now, results filtering is faster with more options on how to view it. Enhanced host views show critical Linux operating system data quickly with our agentless asset discovery capability.

Sandfly 3.1 Host View
Sandfly 3.1 Host View Details

Sandfly Hunter Improved

Fully licensed users get access to Sandfly Hunter to search for forensic artifacts instantly. Use Sandfly Hunter to search for files, processes, users, log entries, SSH keys and more as part of an incident to help quickly find and isolate compromised hosts. In this release Sandfly Hunter has been improved with faster forensic artifact hunting than before.

Sandfly Hunter Searching SSH Keys

Seamless, Free Upgrade from 3.0 to 3.1

All free and paid customers can upgrade today. Please see the upgrade documentation for how to quickly and easily upgrade.

Protect 500 Linux Systems Now for Free

Sandfly is still offered for free to help you immediately start monitoring and protecting your Linux fleet. Start now with an instant no-obligation license

Thank you for using Sandfly. Please contact us with any questions or comments.

Let Sandfly keep your Linux systems secure.

Learn More