Sandfly Security Add-on for Splunk

Splunk Community

Sandfly is an agentless intrusion detection and incident response platform for Linux. Sandfly automatically analyzes Linux hosts for intruders 24 hours a day without loading any software on your endpoints. Additionally, Sandfly can retrieve hardware, operating system and related data for analysis in Splunk. Sandfly works across virtually all Linux distributions immediately, without risk to stability or performance.

The Sandfly Security App for Splunk includes dashboards, reports and logic for analyzing data ingested from a Sandfly server, such as security alerts, suspicious activity, and general software and hardware metrics. Data retrieved by Sandfly can also be used by Splunk users to build anomaly detection models, support incident response, and gain insight into the software and hardware versions of your Linux fleet.

This is a technology add-on that ingests events (Alarms, Passed, Errors) from a Sandfly Security server using the Sandfly Security REST API. This add-on (TA-sandfly-security) ingests data into your specified index and sets the correct sourcetype (sandfly:alarms) for each event. Events are ingested as JSON-formatted events.