Requirements & Installation

Getting Started

Sandfly was developed on cloud infrastructure and works immediately at places like Amazon AWS, Azure, Digital Ocean, Linode, etc. But in reality, Sandfly doesn’t care where your Linux hosts are located. As long as the Linux systems allow SSH access, Sandfly can protect them immediately. This includes not only cloud systems, but on-premises, and hybrid deployments.


Sandfly is fully containerized and sets up in minutes. For a basic install, you need two systems capable of running Docker or Podman with these minimum requirements:

  1. A Server with 8GB or more of RAM running Linux (depending on your install size).

  2. A Node with 2GB of RAM running Linux. Each node covers thousands of hosts and can be geographically distributed.


Sandfly is easy to set up and immediately begins threat hunting and discovery operations within seconds after you add a host. See our documentation here.

Secure your Linux systems with Sandfly

Protect Hosts Now