Helm Chart

Last updated 1 year ago

Installation Prerequisites

The event forwarder can be configured in any environment that is monitored by Spyderbat Nano Agents. Red flag events and/or spydertraces are exported through the event forwarder integration only for hosts where a Spyderbat Nano Agent is installed and in good health.

Only one instance of the event forwarder needs to be configured for each environment as it is associated with a unique organization ID. Having multiple instances of the event forwarder in the same environment can result in duplicate ingestion of security events (red flags or spydertraces).

Please check out this section of our portal to learn more about the Spyderbat Nano Agent and its installation details.

Install Event Forwarder into a Kubernetes Environment via Helm Chart

If you are monitoring a Kubernetes cluster, the quickest way to deploy the Spyderbat Event Forwarder is a simple Helm Chart. The forwarder writes its output to stdout as well as to a PVC-backed file for easier consumption.

You can retrieve this Helm Chart from our public GitHub repo here:

git clone https://github.com/spyderbat/event-forwarder.git
cd event-forwarder/helm-chart/event-forwarder
helm install <release-name> . --namespace spyderbat --set spyderbat.spyderbat_org_uid=<ORG_ID> --set spyderbat.spyderbat_secret_api_key=<API_KEY> --create-namespace

You have the following values to override:

| Value | Description | Default | Required |
| --- | --- | --- | --- |
| spyderbat.spyderbat_org_uid | org uid to use | your_org_uid | Y |
| spyderbat.spyderbat_secret_api_key | api key from console | your_api_key | Y |
| spyderbat.api_host | api host to use | api.prod.spyderbat.com | N |
| namespace | namespace to install to | spyderbat | N |
| spyderbat.matching_filters | only write out events that match these regex filters (json/yaml array of strings syntax) | .* | N |
| spyderbat.expr | only write out events that match this expression | true | N |

matching_filters and expr cannot be combined. Use one or none.

To verify that the install was successful, run the following command:

kubectl logs statefulset.apps/sb-forwarder-event-forwarder -n spyderbat

You should see output similar to the example below at the top of the logs, followed by the events in your organization (possibly filtered, if you are using matching filters) in ndjson format:

starting spyderbat-event-forwarder (commit 4f833d1b02da96fb9df39c38cc9be725e17967fb; 2023-03-29T16:59:19Z; go1.20.2; arm64)
loading config from ./config.yaml
org uid: spyderbatuid
api host: api.kangaroobat.net
log path: /opt/local/spyderbat/var/log
local syslog forwarding: false
{"id":"event_alert:k75NGuJ9Sn0:Y_fKWg:3259:iptables"...
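
The install and validation steps above, as an added example that is not part of Spyderbat's documentation or repository: write_forwarder_values puts the org uid and API key in an owner-only values file (so the key stays out of shell history and the process list) and enforces the matching_filters/expr rule, and check_forwarder_log confirms from the log header that the forwarder is using the expected org uid and API host. The function names, the environment variable names and the assumption that every event line starts with { are this example's own.

```bash
# Added example, not from the event-forwarder repository. Value names are the
# ones in the table above; the environment variable names are assumptions.

yaml_quote() {  # STRING -> single-quoted YAML scalar (embedded ' is doubled)
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_forwarder_values FILE: write an owner-only (0600) values file from
# SPYDERBAT_ORG_UID, SPYDERBAT_API_KEY and at most one of
# SPYDERBAT_MATCHING_FILTERS (one regex per line) or SPYDERBAT_EXPR.
write_forwarder_values() {
  local out="$1" f
  [ -n "${SPYDERBAT_ORG_UID:-}" ] && [ -n "${SPYDERBAT_API_KEY:-}" ] ||
    { echo "org uid and API key are required" >&2; return 2; }
  if [ -n "${SPYDERBAT_MATCHING_FILTERS:-}" ] && [ -n "${SPYDERBAT_EXPR:-}" ]; then
    echo "matching_filters and expr cannot be combined" >&2; return 3
  fi
  (
    umask 077; rm -f "$out"
    {
      printf 'spyderbat:\n'
      printf '  spyderbat_org_uid: %s\n' "$(yaml_quote "$SPYDERBAT_ORG_UID")"
      printf '  spyderbat_secret_api_key: %s\n' "$(yaml_quote "$SPYDERBAT_API_KEY")"
      if [ -n "${SPYDERBAT_MATCHING_FILTERS:-}" ]; then
        printf '  matching_filters:\n'
        printf '%s\n' "$SPYDERBAT_MATCHING_FILTERS" | while IFS= read -r f; do
          if [ -n "$f" ]; then printf '    - %s\n' "$(yaml_quote "$f")"; fi
        done
      elif [ -n "${SPYDERBAT_EXPR:-}" ]; then
        printf '  expr: %s\n' "$(yaml_quote "$SPYDERBAT_EXPR")"
      fi
    } > "$out"
  )
}

# check_forwarder_log ORG_UID API_HOST (log on stdin): succeed and print the
# event count only if the header names the expected org uid and API host and
# at least one ndjson line (assumed to start with "{") follows.
check_forwarder_log() {
  local log org host n
  log=$(cat)
  org=$(printf '%s\n' "$log" | sed -n 's/^org uid: //p' | head -n 1)
  host=$(printf '%s\n' "$log" | sed -n 's/^api host: //p' | head -n 1)
  [ "$org" = "$1" ] || { echo "unexpected org uid: $org" >&2; return 1; }
  [ "$host" = "$2" ] || { echo "unexpected api host: $host" >&2; return 2; }
  n=$(printf '%s\n' "$log" | grep -c '^{' || true)
  [ "$n" -gt 0 ] || { echo "no events forwarded yet" >&2; return 3; }
  echo "$n"
}
```

From the chart directory, run write_forwarder_values ./sb-values.yaml, pass the file to helm install with -f ./sb-values.yaml in place of the two --set flags, and delete the file once the release is installed. Pipe the kubectl logs command above into check_forwarder_log <ORG_ID> api.prod.spyderbat.com (or whichever API host you configured) to confirm the header matches.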

Next Steps

To learn more about the event forwarder and how you can use it to integrate Spyderbat with your other solutions, see this page.
