search
Book a DemoStart FreeContact Us

Spyderbat Nano Agent

Nano Agent operational principles, compatibility, network requirements and proxy support, general FAQ

hashtag
How does Spyderbat collect data?

Spyderbat collects data by deploying a lightweight “Nano Agent” for Linux based systems. The agent leverages eBPFarrow-up-right (“extended Berkeley Packet Filter”) filters to build a continuous map of activity within and across systems.

hashtag
Why do I need to install an agent?

Existing endpoint agents and system logs do not include the necessary information required by Spyderbat to build a complete, living map of causal activity within and across systems. Spyderbat’s Nano Agent is optimized to collect this information so that analysts can see the complete causal attack picture across systems, users, and time.

hashtag
What is the impact of the Spyderbat Nano Agent on the system?

Spyderbat has observed minimal impact on system resources (CPU, memory), and minimal network bandwidth impact due to heavy compression.

hashtag
What operating systems are currently supported?

Spyderbat currently supports the following Linux systems:

Linux Version
Architecture

AlmaLinux 9

x86_64 / Power64le

Amazon Linux 2

x86_64 / ARM64

Amazon Linux 2022

x86_64 / ARM64

Amazon Linux 2023

x86_64

Amazon Linux Bottlerocket

x86_64

CentOS 7 up to 7.6 (with El Repo LT)

x86_64

CentOS 7.6+ (with Kernel 3.10.0-957+)

x86_64

CentOS 8

x86_64

Debian 11

x86_64

Debian 12

x86_64 / ARM64

Debian 13

x86_64 / ARM64

Flatcar Container Linux (3227.2.1; 3374.2.3)

x86_64

Google Container-Optimized OS (GCOS)

x86_64

Kali 2021.2

x86_64

RHEL 7.6+ (with Kernel 3.10.0-957+)

x86_64

RHEL 8

x86_64 / Power64le

RHEL 9

x86_64 / Power64le

Rocky Linux 8

x86_64 / Power64le

Rocky Linux 9

x86_64 / Power64le

Sangoma 16 (with El Repo LT)

x86_64

SLES

x86_64 / Power64le

Ubuntu 18.04. LTS

x86_64

Ubuntu 20 Desktop

x86_64

Ubuntu 20.04 LTS

x86_64 / ARM64

Ubuntu 20.10

x86_64

Ubuntu 22.04

x86_64

Ubuntu 24.04

x86_64

hashtag
What K8s Distributions are currently supported?

Spyderbat Nano Agents can be currently installed on the K8s clusters utilizing the following distributions:

K8s Distribution
Node Operating System
Container Runtime

EKS

Amazon Linux 2 Bottlerocket

containerd or Docker

GKE

Ubuntu GCOS

containerd

Red Hat OpenShift

V4.xx Power64le

containerd or Docker

Rancher RKE and RKE2

Ubuntu 20 LTS

containerd or Docker

MicroK8s

Ubuntu 22 LTS

containerd

K3s

Ubuntu 22 LTS

containerd

aks

Ubuntu 22 LTS

containerd

robin.io

RockyLinux 8 or 9

containerd

Spyderbat Nano Agents use only standard Kubernetes APIs and standard Kubernetes resources. It should run on most Kubernetes clusters.

hashtag
What are the Nano Agent’s network requirements?

Ensure that the systems running the Nano Agent have outbound access on port 443 to https://orc.spyderbat.com.

hashtag
Does the Nano Agent support network proxies?

Yes. If you have a proxy configured and you have Linux environment variables like:

The installation script will automatically grab the environment variables from your terminal using the “-E” flag and pass those to the agent as required.

hashtag
Is information sent securely from the Nano Agent?

Yes. Spyderbat securely encrypts information sent by the Nano Agent to the Spyderbat backend using TLS.

hashtag
Does the Nano Agent support systems hosted in AWS?

The Nano Agent can be installed on any of the supported systems listed above as virtual or physical machines. Additionally, the Nano Agent collects metadata from AWS instances such as Cloud Tags, Region, Zone etc. To collect this metadata, ensure your AWS instances have an appropriate IAM (read only) role assigned to them such as “AmazonEC2ReadOnlyAccess”, see https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/security-iam-awsmanpol.html

hashtag
How do I start and stop the Nano Agent from the command line?

To start the Nano Agent:

To stop the Nano Agent:

Last updated

Was this helpful?