Spydertrace Summarize

Last updated 1 month ago

Overview

Spyderbat's Summarize feature provides a quick, structured summary of a Spydertrace investigation, enabling users to understand key details without manually analyzing the trace. This feature enhances threat detection efficiency and streamlines the investigative process.

Note: Summarize is available only on an opt-in basis per organization. It requires approval to send data to OpenAI. To enable the feature, navigate to Admin → Organization Management → AI Management. Here, you can opt in or out, track your monthly usage quota, and view the Recent Summarize Usage Log.

By default, a monthly quota of 50 is provided, with each trace summary consuming one. You can contact us to request an increase.

What is Summarize?

The Summarize feature in Spyderbat generates a concise summary of a Spydertrace, highlighting critical security insights.

Behind the scenes, it takes the Spydertrace as input, sends it to OpenAI, and generates a concise, easy-to-understand summary.

How to Use Summarize

There are two ways to generate a summary: Manual and Automatic.

1. Manual Summarization

To manually summarize a Spydertrace, click the Summarize button. The summary generation process may take a few seconds.

Example 1: Search

  • Search for the relevant Spydertrace.

  • If you find a high-score Spydertrace in a restricted cluster and want to quickly understand its details, click Summarize to generate a summary instantly.

Example 2: Investigation

  • Within the Spyderbat Investigation view, click Summarize at the top right to generate a summary.

  • Based on the insights, take immediate action as needed.

2. Automatic Summarization

Automatic summarization enables AI-powered summary generation for every Spydertrace saved search.

  • When enabled, the system automatically generates structured summaries for saved Spydertrace investigations.

Example:

If you want a summary for every high-score Spydertrace (e.g., score 100), follow these steps:

  • Search for the high-score Spydertrace.

  • Add it to a saved search.

  • Add a description and target as desired.

  • In Additional Settings, enable Auto AI Summarization and Save.

Once enabled, every time a high-score Spydertrace occurs, you will receive a notification with an investigation link to review the Spydertrace. With automatic summarization, you don't have to wait for the summary to generate—it is ready instantly.

Note: Enable Automatic AI Summarization only as your organization's quota allows.

You can also view summarized traces in AI Management's Recent Logs.

Benefits of Summarize

⏳ Time Efficiency

Reduces manual effort in analyzing complex security traces.

⚡ Quick Incident Response

Enables security teams to respond faster with key insights readily available.

🔍 Improved Security Insights

Highlights critical security concerns such as unauthorized access, suspicious executions, and potential breaches.

📑 Simplified Investigation

Provides a structured view of incidents, aiding forensic analysis and remediation planning.

Conclusion

Spyderbat’s Summarize feature enhances security investigations by providing automated, structured, and insightful summaries of activities. By leveraging this feature, security teams can quickly detect, understand, and mitigate potential