Helm Chart
Installation Prerequisites
The event forwarder can be configured in an environment that is monitored by Spyderbat Nano Agents. Red flag events and/or spydertraces are exported through the event forwarder integration only for hosts where a Spyderbat Nano Agent is installed and in good health.
Only one instance of the event forwarder needs to be configured for each environment as it is associated with a unique organization ID. Having multiple instances of the event forwarder in the same environment can result in duplicate ingestion of security events (red flags or spydertraces).
Please check out this section of our portal to learn more about the Spyderbat Nano Agent and the installation details.
Install Event Forwarder into a Kubernetes Environment via Helm Chart
If you are monitoring a Kubernetes cluster, you can deploy the Spyderbat Event Forwarder quickly with a simple Helm Chart. It writes its output to stdout as well as to a PVC-backed file for easier consumption.
You can access our GitHub public repo to retrieve this Helm Chart here.
git clone https://github.com/spyderbat/event-forwarder.git
cd event-forwarder/helm-chart/event-forwarder
helm install <release-name> . --namespace spyderbat --set spyderbat.spyderbat_org_uid=<ORG_ID> --set spyderbat.spyderbat_secret_api_key=<API_KEY> --create-namespace
You can override the following values:

| Value | Description | Default | Required |
|---|---|---|---|
| spyderbat.spyderbat_org_uid | org uid to use | your_org_uid | Y |
| spyderbat.spyderbat_secret_api_key | api key from console | your_api_key | Y |
| spyderbat.api_host | api host to use | api.prod.spyderbat.com | N |
| namespace | namespace to install to | spyderbat | N |
| spyderbat.matching_filters | only write out events that match these regex filters (json/yaml array of strings syntax) | .* | N |
| spyderbat.expr | only write out events that match this expression | true | N |
To validate if the install was successful, run the following command:
kubectl logs statefulset.apps/sb-forwarder-event-forwarder -n spyderbat
The top of the logs should look similar to the example below, followed by any/all events in your organization (possibly filtered if using matching filters) in ndjson format:
starting spyderbat-event-forwarder (commit 4f833d1b02da96fb9df39c38cc9be725e17967fb; 2023-03-29T16:59:19Z; go1.20.2; arm64)
loading config from ./config.yaml
org uid: spyderbatuid
api host: api.kangaroobat.net
log path: /opt/local/spyderbat/var/log
local syslog forwarding: false
{"id":"event_alert:k75NGuJ9Sn0:Y_fKWg:3259:iptables"...
Next Steps
To learn more about the event forwarder and how you can use it to integrate Spyderbat with your other solutions, see this page.