Scan

Scanning Hosts Manually

Although Sandfly is designed to work automatically and constantly scan for threats, you can also use it for manual spot checks to make sure everything is OK. You can also use Sandfly for incident response by sending it to investigate groups of hosts for signs of compromise all at once.

To scan hosts manually, use the Create New Scan form to select the hosts and the sandflies that you want to run against them. Once the form is submitted, Sandfly will check the selected hosts and report back results, which can be viewed under the Results section.

Selecting Hosts to Scan

The new scan form will walk you through two steps. For step 1, select one or more active hosts.

Selecting Hosts to Scan

Select Sandfly Modules to Use

After selecting which hosts to scan, you will need to pick which sandflies to run against them for step 2. Here, select one or more sandflies or a specific sandfly threat group, such as file, directory, process, log, or user sandflies.

Selecting Sandflies

Finish

Change the default priority if necessary; otherwise, click the Finish button. The manual scan will be added to the task queue and then sent on to the appropriate nodes for processing.

Finish Scan

Once processed, the results will begin showing up in the Results section or on the dashboard.