# Sandfly Security

Generated on 23 Mar 2026 from [the Sandfly Security catalog page](https://marketplace.digitalocean.com/apps/sandflysecurity)

Sandfly is an agentless intrusion detection and incident response platform for all versions of Linux. Sandfly deploys without installing any software on your endpoints giving instant 24/7 protection against compromised systems. Sandfly automatically finds hackers, rootkits and malware across your Linux fleet with detailed forensic information about suspicious processes, users, files, directories, audit log tampering and more.

## Software Included

| Package | Version | License |
|---|---|---|
| Sandfly Security | 5.7.0 | Commercial |

## Creating an App using the Control Panel

Click the **Deploy to DigitalOcean** button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/droplets/new?image=sandflysecurity-20-04)

## Creating an App using the API

In addition to creating a Droplet from the Sandfly Security 1-Click App using the control panel, you can also use the [DigitalOcean API](https://docs.digitalocean.com/reference/api). As an example, to create a 4GB Sandfly Security Droplet in the SFO2 region, you can use the following `curl` command. You need to either save your [API access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) to an environment variable or substitute it in the command below.

```shell
curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"sandflysecurity-20-04"}' \
        "https://api.digitalocean.com/v2/droplets"
```

## Getting Started After Deploying Sandfly Security

After the Droplet is created, wait a couple of minutes for the automatic installation to complete. Then access the Sandfly Droplet in a web browser at https://your\_droplet\_public\_ipv4 (accept the self-signed certificate warning; see the documentation for [instructions on installing a valid certificate](https://docs.sandflysecurity.com/docs/server-install-cloud-image-do). You will be prompted to set your initial admin password and can then use it to log in to Sandfly.