Sandfly is an agentless threat detection and incident response platform purpose-built for Linux.


Sandfly is best understood as a compromise detection or intrusion tactics hunter. This is a shift from how many EDR systems work: Sandfly specifically hunts for intruder activity the same way a very experienced Linux forensic investigator would. The difference is that Sandfly has far deeper knowledge of attack tactics than a human investigator, and we operate instantly and at very large scale.


Why? Sandfly is 100% automated, checking your systems 24 hours a day and alerting you instantly to trouble. With Sandfly running you have a constant presence on your Linux fleet hunting for intruders, without the risk and hassle of installing endpoint agents.


If you are an incident responder, Sandfly can be used in a manual mode to instantly assess systems for compromise and pull critical forensic data to speed up your investigation and clean-up. This allows your organization to get back in operation as quickly as possible, saving valuable time and limiting damage.