Sandfly Forensic Keyword List

This section lists out the forensic data Sandfly can return as part of its results. In the UI you will see this data in the forensics viewer. In the REST API (https://api.sandflysecurity.com/) it will be returned as a JSON object. This data is also passed over syslog to your destination of choice (e.g. SIEM or log aggregator).

Relevant keywords are returned for the detected attack type. For instance, you will only see process related keywords if a malicious process is the detected problem. File data only shows for file related detections, etc.

Previous Article:

License - EULA

Next Article:

Header Data

JSON Keywords for Linux Forensic Data Print

Sandfly Forensic Keyword List

Related Articles