Using Elasticsearch and Kibana to Investigate Suspicious Linux Activity with Sandfly
In this video we’re going to show you how to use Sandfly with Elasticsearch and Kibana dashboards to search for and investigate a suspicious process on Linux.
We’ll go over Sandfly’s agentless collection of Linux operating system, security, and intrusion detection data. Then we’ll use this information to investigate a rogue network sniffer started by the mysterious user X.
Sandfly can easily send data into Elasticsearch (and Splunk) to help detect and investigate breaches. Best of all, we do it without loading any agents on your Linux endpoints. Stay tuned for more videos showing these capabilities.