Get Sandfly

How many Linux systems do you need to secure?

Choose your payment plan

Home Lab

Industry-leading protection for your home Linux network.

$8.33 per month*
Save 17% annually
  • Secure 10 Linux hosts
  • Agentless Linux Threat Detection
  • SSH Key Tracking
  • Password Auditing
  • Detailed Host and Forensic Views
  • Automated Scanning
Requires: Sandfly version 5.3.1 or later, a dedicated virtual machine, and an internet connection.

Air Gapped

Full-featured license for air-gapped and isolated networks.

$66.67 per month*
($6.67 per host)
  • Secure 10 Linux hosts
  • All Professional Features
  • Works on Air Gapped and Isolated Networks
  • Customized Threat Hunting and Response
  • Powerful Third Party Integrations
  • SSO and More...
Requires: a dedicated virtual machine. License requires manual renewal at end of term.

Compare License Features

| Feature | Home Lab | Professional | Air Gapped |
|---|---|---|---|
| Visible Alerts | Unlimited | Unlimited | Unlimited |
| Email Notifications | 1 | Unlimited | Unlimited |
| Syslog Notifications | 0 | Unlimited | Unlimited |
| Schedules | 2 | Unlimited | Unlimited |
| Additional Users | No | Yes | Yes |
| Jump Hosts | No | Yes | Yes |
| No Internet Required | No | No | Yes |
| Data Retention | 30 Days | 30 Days | 30 Days |
| Dynamic Pool Scanning | Yes | Yes | Yes |
| Container Scanning | Yes | Yes | Yes |
| Distributed Scanning | No | Yes | Yes |
| SSH Hunter | Yes | Yes | Yes |
| Custom Sandflies | Yes | Yes | Yes |
| Automated Response | Yes | Yes | Yes |
| Technical Support | Community Only | Yes | Yes |
| Postgres Replication | No | Yes | Yes |
| Sentinel Replication | No | Yes | Yes |
| Splunk Integration | No | Yes | Yes |
| Elasticsearch Integration | No | Yes | Yes |
| Ad Hoc Scan | No | Yes | Yes |

Frequently Asked Questions

Sandfly was designed to monitor large Linux networks for signs of intrusion and requires a dedicated VM to operate. It can scan most Linux devices as long as they are running SSH, which makes it suitable for a broad range of commercial applications.

For personal use, Sandfly can protect small home networks from intrusion, but it isn't intended to be installed on a single device and protect it the way a traditional virus scanning product would.

We secure the widest range of Linux systems of any product on the market and protect virtually all distributions of Linux.

This spans, for example, systems that are 10+ years old up to modern distributions at cloud providers. Sandfly works with Linux versions running on Intel, AMD, Arm, MIPS and IBM Power CPUs without any special modifications. We also support embedded systems with MIPS or Arm processors, such as Raspberry Pi. Basically, because of its agentless architecture, Sandfly only requires that your Linux hosts be running SSH.

Sandfly has been tested against the following Linux distributions, but will work on many more:

  • CentOS
  • Red Hat
  • Ubuntu
  • SUSE
  • Oracle
  • Alma
  • Rocky
  • Fedora
  • Debian
  • Arch
  • Amazon Linux Images
  • DigitalOcean Linux Images
  • Microsoft Azure Images
  • Raspberry Pi and other embedded systems
  • Customized Distributions

Basically, as many as you have resources to protect. The server/node architecture of Sandfly can be distributed using named queues and jump hosts to scale as needed. Each node, for instance, can protect many thousands of hosts with minimal hardware resources, and new nodes can be added to scale upwards.

Servers are limited only by the CPU/RAM you wish to dedicate to load scaling. Multiple servers can be used to distribute larger deployments. You can also choose how much and where to store forensic data according to your requirements. For context, we have customers using Sandfly to protect tens of thousands of Linux hosts.

A basic install requires one or more systems capable of running Docker or Podman (Sandfly is Dockerized) with these minimum requirements:

  • A server with a minimum of 8GB of RAM running Linux for smaller deployments, scaling up from there. This server runs the REST API and database.
  • A scanning node with a minimum of 2GB of RAM running Linux. A node runs multiple containers for performance and redundancy, so you can cover thousands of hosts very easily.

We also offer a simple, single-host install where both server and node run on the same system. However, for higher security and production performance, we recommend you run each on its own VM.
