Scanning Hosts Manually
Although Sandfly is designed to scan for threats automatically and continuously, you can also use it for manual spot checks to make sure everything is OK. You can also use Sandfly for incident response by sending it to investigate groups of hosts for signs of compromise all at once.
To scan hosts manually, select the hosts under the Hosts tab, then select the sandflies you want to run against them. After that, select the Scan button. Sandfly will check the hosts and report back results that you can view under the Results section.
Selecting Hosts to Scan
The scan selection dialog will walk you through several steps. First, select the hosts you want scanned.
Select Sandfly Modules to Use
After selecting which hosts to scan, pick which sandflies to run against them. Here you can select all sandflies, a single sandfly, or a specific sandfly threat group such as file, directory, process, log, or user sandflies.
Click on the Finish button once you are done choosing the sandflies. The scan will be added into the task queue and then sent to the nodes for processing.
Once the scan is processed, the results will begin showing up in the Results section or on the dashboard.