Sandfly Security
Generated on 23 Apr 2025 from the Sandfly Security catalog page
Sandfly is an agentless intrusion detection and incident response platform for all versions of Linux. Sandfly deploys without installing any software on your endpoints, giving instant 24/7 protection against compromised systems. Sandfly automatically finds hackers, rootkits and malware across your Linux fleet, with detailed forensic information about suspicious processes, users, files, directories, audit log tampering and more.
Software Included
Package | Version | License |
---|---|---|
Sandfly Security | 5.4.1 | Commercial |
Creating an App using the Control Panel
Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.
Creating an App using the API
In addition to creating a Droplet from the Sandfly Security 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB Sandfly Security Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token to an environment variable or substitute it in the command below.
curl -X POST -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" -d \
  '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"sandflysecurity-20-04"}' \
  "https://api.digitalocean.com/v2/droplets"
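A variant of the request above that keeps the API token off curl's command line, where it would be visible in the process list and in shell history. This is an added example, not DigitalOcean's or Sandfly's own code; the function names and the character allowlists are assumptions made here, and the token is expected in TOKEN as in the command above.

```shell
#!/bin/sh
# Added example: same API request as above, with the token passed to curl on
# stdin instead of in its arguments. Function names are hypothetical.

# Build the JSON body. The Droplet name is limited to an allowlist so a
# crafted name cannot break out of the JSON string and add or change fields.
build_payload() {
  case $1 in
    ''|*[!A-Za-z0-9._-]*) echo "invalid droplet name" >&2; return 1 ;;
  esac
  printf '{"name":"%s","region":"sfo2","size":"s-2vcpu-4gb","image":"sandflysecurity-20-04"}' "$1"
}

# Emit a curl config file (consumed with --config -) carrying the headers.
# Assumption: tokens consist of letters, digits, '_' and '-'; anything else
# is rejected so it cannot inject extra config directives.
curl_config() {
  [ -n "${TOKEN:-}" ] || { echo "TOKEN is not set" >&2; return 1; }
  case $TOKEN in
    *[!A-Za-z0-9_-]*) echo "TOKEN contains unexpected characters" >&2; return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$TOKEN"
  printf 'header = "Content-Type: application/json"\n'
}

# Send the request. Both helpers are checked before curl runs, so a missing
# token never results in an unauthenticated request being sent.
create_droplet() {
  body=$(build_payload "$1") || return 1
  cfg=$(curl_config) || return 1
  # printf is a shell builtin, so the token does not appear in any argv.
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
    -X POST --data "$body" "https://api.digitalocean.com/v2/droplets"
}
```

Source the file and run create_droplet with the Droplet name as its only argument; --fail makes curl exit non-zero on an HTTP error such as a rejected token.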
Getting Started After Deploying Sandfly Security
After the Sandfly instance starts, log into the system and the automatic install script will execute:
ssh root@your_droplet_public_ipv4
After the install completes, you will be given a randomly generated password to log in to the system web interface. At that point you can add your host credentials and do automated or manual scans for intruders, rootkits, malware and much more on your Linux systems.