Linux Threats Detected

Detecting Conventional and Unconventional Threats on Linux

Keeping your Linux infrastructure secure is a top priority, but constantly updating signatures can be a frustrating and time-consuming task. Sandfly's approach is different - we focus on the underlying tactics of an attack, giving you unmatched threat coverage that never goes out of date. By disrupting tactics, Sandfly is able to find new and evasive attacks that often evade traditional agent-based solutions.

Are your Linux hosts compromised? Find out now.

Modular Intrusion Detection and Response

Our agentless Linux security platform sets the bar for threat hunting with its unique approach. Our modular system means that we're constantly adding more detection methods to enhance our capability, so you can rest assured that your infrastructure is always secure.

With Sandfly, you can write your own threat hunting checks in an easy-to-learn syntax, allowing you to tailor your security measures to your unique needs. Our platform is a powerful tool for security and incident response teams, providing specific information on intruders and allowing teams to deploy a virtual expert Linux forensic investigator instantly.

We currently have over 1,100 security and incident response modules, and the list grows each day. Our platform is designed specifically for Linux, so you can be confident that we're hunting for the threats that matter most. Below are just some of the threats we're constantly on the lookout for with Sandfly.

Linux Intrusion, Compromise & Malware Threats Detected

  • Loadable Kernel Module and eBPF stealth rootkit detection

  • Standard rootkit detection

  • Cryptocurrency and cryptominer detection

  • Weak and default Linux user passwords

  • Hidden and suspicious processes

  • Processes performing suspicious network activity

  • Process masquerading

  • File masquerading and hiding

  • Poisoned system commands

  • Cloaked data from stealth rootkits

  • Tampered system start-up scripts

  • Encrypted and suspicious executable files

  • Unusual system binaries

  • Suspicious users and permissions

  • Hidden executables

  • System shells being used or concealed in suspicious ways

  • Process injection

  • Reverse bindshell exploits

  • Standard bindshell exploits

  • Compromised websites

  • Tampered audit records

  • Destroyed audit records

  • Webshells and backdoors

  • Anti-forensics activity

  • Cloaked backdoors

  • Privilege escalation backdoors

  • Malware persistence mechanisms

  • SSH keys being misused or orphaned

  • Suspicious user login and logout activities

  • Suspicious cron job and other scheduled tasks

  • Linux malware and Advanced Persistent Threat activity

  • Distributed Denial of Service (DDoS) agents

  • Password and network sniffers

  • Many others!

Secure Linux with Agentless Sandfly.