Get Sandfly
Choose your payment plan
Home Lab
Industry leading protection for your home Linux network.
- Secure 10 Linux hosts
- Agentless Linux Threat Detection
- SSH Key Tracking
- Password Auditing
- Detailed Host and Forensic Views
- Automated Scanning
Professional
Full featured subscription for professional use.
- Secure 10 Linux hosts
- All Features Enabled
- Unlimited Users
- Customized Threat Hunting and Response
- Powerful Third Party Integrations
- SSO and More...
Air Gapped
Full featured license for air-gapped and isolated networks.
- Secure 10 Linux hosts
- All Professional Features
- Works on Air Gapped and Isolated Networks
- Customized Threat Hunting and Response
- Powerful Third Party Integrations
- SSO and More...
Compare License Features
Feature | Home Lab | Professional | Air Gapped |
---|---|---|---|
Visible Alerts | Unlimited | Unlimited | Unlimited |
Email Notifications | 1 | Unlimited | Unlimited |
Syslog Notifications | 0 | Unlimited | Unlimited |
Schedules | 2 | Unlimited | Unlimited |
Additional Users | No | | |
Jump Hosts | No | | |
No Internet Required | No | No | |
Data Retention | 30 Days | 30 Days | 30 Days |
Dynamic Pool Scanning | | | |
Container Scanning | | | |
Distributed Scanning | No | | |
SSH Hunter | | | |
Custom Sandflies | | | |
Automated Response | | | |
Technical Support | Community Only | | |
Postgres Replication | No | | |
Sentinel Replication | No | | |
Splunk Integration | No | | |
Elasticsearch Integration | No | | |
Ad Hoc Scan | No | | |
Frequently Asked Questions
Sandfly was designed to monitor large Linux networks for signs of intrusion and requires a dedicated VM to operate. It can scan most Linux devices as long as they are running SSH, which makes it suitable for a broad range of commercial applications.
For personal use, Sandfly can protect small home networks from intrusion, but it isn't intended to be installed on a single device to protect it the way a traditional virus scanning product would.
We secure the widest range of Linux systems of any product on the market and protect virtually all distributions of Linux.
This spans, for example, systems that are 10+ years old up to modern distributions at cloud providers. Sandfly works with Linux versions running on Intel, AMD, Arm, MIPS and IBM Power CPUs without any special modifications. We also support embedded systems with MIPS or Arm processors such as Raspberry Pi. Basically, because of its agentless architecture, Sandfly only requires that your Linux hosts be running SSH.
Sandfly has been tested against the following Linux distributions, but will work on many more:
- CentOS
- RedHat
- Ubuntu
- Suse
- Oracle
- Alma
- Rocky
- Fedora
- Debian
- Arch
- Amazon Linux Images
- Digital Ocean Linux Images
- Microsoft Azure Images
- Raspberry Pi and other embedded systems
- Customized Distributions
Basically, as many as you have resources to protect. The server/node architecture of Sandfly can be distributed using named queues and jump hosts to scale as needed. Each node, for instance, can protect many thousands of hosts with minimal hardware resources, and new nodes can be added to scale upwards.
Servers are limited only by the CPU/RAM you wish to dedicate to load scaling. Multiple servers can be used to distribute larger deployments. You can also choose how much and where to store forensic data according to your requirements. For context, we have customers using Sandfly to protect tens of thousands of Linux hosts.
A basic install requires one or more systems capable of running Docker or Podman (Sandfly is Dockerized) with these minimum requirements:
- A server with a minimum 8GB RAM running Linux for smaller deployments and scaling up from there. This server runs the REST API and database.
- A scanning node with a minimum 2GB of RAM running Linux. A node runs multiple containers for performance and redundancy so you can cover thousands of hosts very easily.
We also offer a simple, single host install where both server and node run on the same system. However, for higher security and production performance, we recommend you run each on its own VM.