Server Configuration

The server configuration page contains the core settings for the Sandfly server, which is accessed by expanding the Settings option in the sidebar and then selecting Server Configuration.

The various server settings can be accessed by changing to any of the following tabs:

• General - Includes the following core options:
  • Data Retention in Days - Change the number of days that Sandfly will retain results data, audit logs, and error logs on the Sandfly server. The field's help text reflects the highest possible value that can be set based on your license. This setting has no effect on replicated data. Retention will have an effect on your storage requirements, be certain to monitor and adjust space in an appropriate ratio based of the number hosts scanned and percent / types of selected Sandflies.
  • Pass Data Retention in Days - Change the number of days that Sandfly will retain "pass" results data on the Sandfly server. The field's help text reflects the highest possible value that can be set based on your license. If "pass" results are not mandatory or important to be locally maintained along side the entire set of alert and error results for whatever reason, a setting that is lower than the base retention period will help to reduce the size of the Sandfly database.
  • Agent Binary Names - When running a scan on a host, the Sandfly binary and process name will be a random choice from this comma-separated list. Names must only contain letters, numbers, dashes and underscores. This feature provides further evasion resistance against being bypassed during normal scans. It also gives additional protection for incident response teams wishing to keep a low profile during their investigations.
• SSO Configuration - Sandfly supports single sign-on (SSO) using SAMLv2.
  • See SSO Configuration for complete configuration details.
• Elasticsearch Replication - Sandfly results are replicated to the provided Elasticsearch database.
  • See Elasticsearch Replication for complete configuration details.
• Postgres Replication - Sandfly results are replicated to the provided PostgreSQL database.
  • See Postgres Replication for complete configuration details.

ℹ️

INFO: Upgrade Features - Replication and SSO

The ability to configure and use replication or single sign-on requires an upgraded plan. Please see https://www.sandflysecurity.com/get-sandfly/ for details.