Getting Started
Sandfly was developed on cloud infrastructure and works immediately at places like Amazon AWS, Azure, DigitalOcean, Linode, etc. But in reality, Sandfly doesn’t care where your Linux hosts are located. As long as the Linux systems allow SSH access, Sandfly can protect them immediately. This includes not only cloud systems but also on-premises and hybrid deployments.
Requirements
Sandfly is fully containerized and sets up in minutes. For a basic install, you need two systems capable of running Docker or Podman with these minimal requirements, which will scale up for large installations:
A Server with 8GB or more of RAM running Linux on an amd64 architecture.
A Node with 4GB of RAM running Linux on an amd64 architecture. Each node covers thousands of hosts and can be geographically distributed.
Installation
Sandfly is easy to set up and begins threat hunting and discovery operations within seconds of adding a host. For details, see our documentation.