Adding a schedule to scan hosts consists of completing a set of questions that are broken out into two sections. A new schedule form can be opened in on...

Adding a schedule to discover hosts consists of completing a set of questions that are broken out into five sections. Introduced in Sandfly 4.2, the ne...

You can view a schedule by clicking anywhere within its table row, except for the checkbox in the first column. Viewing a Sandfly Schedule The sch...

Pausing a Schedule You may want to pause a schedule for maintenance and administration reasons. Simply click on the schedule you want to pause and click th...

Sandflies are the heart of the Sandfly system. Sandflies are small pieces of code that are highly targeted for specific investigation and forensic evide...

Sandfly uses high level types to categorize the types of threats that can be seen on a host. These categories are: File Process User Directory Log Po...

You can view all the sandflies present in the system by clicking on the Sandflies menu option. This will give a listing of all available sandflies along wit...

A sandfly can be deactivated if you never want it to run. This is a valid option if it is causing a false alarm in your environment and whitelisting the ale...

Sandfly has the ability to actively respond to detected threats. The current version supports killing or suspending process activity that a user wants targe...

Sandfly is written to have an extremely low chance of false alarms. However, in some environments you may have a configuration that can cause a sandfly to a...