The Threat Map is your first indicator of a threat detected by Sandfly. Normally the Threat Map should show all green. If it shows red, Sandfly has detected a problem and you can use the UI to dig deeper into the situation.
Sandfly Dashboard Showing Alerts
Threat Map Stats
The numbers at the top indicate how many alerts, errors and passed checks Sandfly has seen. You can also see how many licensed and active hosts are currently in the system.
Sandfly Hero Screen
Clicking anywhere within each box takes you directly to that result type. For instance, the Alerts box takes you to a filtered view of only alerts.
Threat Map View
The area below the top statistics is a heat map that shows detected threats mapped against the MITRE ATT&CK and Sandfly threat types. Normally this heat map should be all green. Any red indicators mean one or more threats were seen. The brighter the color, the more of that particular threat type has been found.
The Threat Map keeps rolling figures out to 72 hours. The time scale on the bottom shows how old a threat is. In the example below, Sandfly has found very recent threats after 72 hours with no activity seen.
Sandfly Threat Map