Sandfly Security

Sandfly is an agentless intrusion detection and incident response platform for all versions of Linux. Sandfly deploys without installing any software on your endpoints, giving instant 24/7 protection against compromised systems. Sandfly automatically finds hackers, rootkits and malware across your Linux fleet, with detailed forensic information about suspicious processes, users, files, directories, audit log tampering and more. Our 1-Click App gives you a free 20-host Personal Edition license and provides instant security and compromise detection on Linux.

Software Included

Package            Version   License
Sandfly Security   5.0.5     Commercial

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.


Creating an App using the API

In addition to creating a Droplet from the Sandfly Security 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB Sandfly Security Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token to an environment variable or substitute it in the command below.

# TOKEN must hold your DigitalOcean API access token
curl -X POST -H 'Content-Type: application/json' \
         -H "Authorization: Bearer $TOKEN" -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"sandflysecurity-20-04"}' \
        "https://api.digitalocean.com/v2/droplets"

Getting Started After Deploying Sandfly Security

After the Sandfly instance starts, log into the system and the automatic install script will execute and generate a free 20-host personal edition license to use immediately:

ssh root@your_droplet_public_ipv4

After the install completes, you will be given a randomly generated password to log in to the system web interface. At that point you can add your host credentials and do automated or manual scans for intruders, rootkits, malware and much more on your Linux systems.