# Install the Spyderbat Event Forwarder

{% hint style="warning" %}
The Event Forwarder requires SIEM forwarding to be enabled on at least one saved query before it will receive events. See [SIEM Forwarding](https://docs.spyderbat.com/concepts/integrations/siem-forwarding) to set up the control plane first.
{% endhint %}

The Spyderbat Event Forwarder is an open-source binary ([github.com/spyderbat/event-forwarder](https://github.com/spyderbat/event-forwarder)) that polls the Spyderbat SIEM API and delivers events to your destination. It supports files, stdout, syslog, and HTTP webhooks.

## Deployment options

| Deployment            | When to use                         | Guide                                                                                                            |
| --------------------- | ----------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| Helm chart            | Kubernetes environments             | [Helm Chart](https://docs.spyderbat.com/installation/spyderbat-event-forwarder/helm-chart)                       |
| Traditional installer | Linux systemd (VM, bare metal, EC2) | [Traditional Installer](https://docs.spyderbat.com/installation/spyderbat-event-forwarder/traditional-installer) |

Run only one Event Forwarder instance per organization. Multiple instances each deliver the full event stream, producing duplicates.

For architecture details, see [Spyderbat Event Forwarder](https://docs.spyderbat.com/concepts/integrations/spyderbat-event-forwarder).