Spyderbat
Book a DemoStart FreeContact Us
  • Spyderbat Product Docs
  • Getting Started
    • Create an Organization
    • Install the Nano Agent
    • Three Things to Try with Spyderbat Community Edition
    • Manage Users and Roles
  • Installation
    • Spyderbat Nano Agent
      • Kubernetes
        • Pre Deployment Environment Data Collection Script
      • Linux Standalone
      • AWS Unattended Install
        • Secure your Registration Code with AWS Secrets Manager
      • Create a Golden Image with the Nano Agent Pre-Installed
    • Spyderbat AWS Agent
      • AWS Linux VM
      • Kubernetes
      • Configuration Guide - AWS Linux VM
      • Configuration Guide - Kubernetes
    • Install Spyctl CLI
      • Initial Configuration
    • Install Spydertop CLI
    • Install the Spyderbat Event Forwarder
      • Helm Chart
      • Traditional Installer
  • Concepts
    • Guardian & Interceptor
      • Ruleset Policies
      • Workload Policies
    • Flashback (Go Back In Time)
      • Investigations
    • Search
      • Saved Searches
    • Summarize
      • Spydertrace Summarize
    • Dashboards
      • Dashboard Categories
    • Reports
    • Notifications
      • Notification Targets
      • Notification Templates
    • Actions
    • Integrations
      • AWS Integration
      • Spyderbat Event Forwarder
    • Suppression & Tuning
    • Scout (Detections)
      • Custom Flags
  • Tutorials
    • Flashback
      • How to Use the Investigations Feature in Spyderbat
    • Guardian
      • How to Lock Down Your Workloads With Guardian Policies Using Spyctl
      • How to Put Guardrails Around Your K8s Clusters Using Spyctl
    • Integrations
      • How to Configure Event Forwarder Webhook for Panther
      • How to Set Up Spyderbat to Ingest Falco Alerts
      • How to Create and Use a Spyderbat API Key
    • Notifications
      • How to Set Up Notifications Using Spyctl
      • How to Set up Agent-Health Notifications Using Spyctl
    • Dashboards
    • Miscellaneous
      • How to Set Up Spyderbat to Monitor Systems From vulnhub.com
    • Scout (Detections)
      • How to Set Up Custom Flags Using Spyctl CLI
  • Reference
    • Policies
      • Response Actions
    • Rulesets
    • Selectors
    • Notifications
    • Spyctl CLI
      • Spyctl Commands
      • Guardian Policy Management using Spyctl
      • Notification Template Management using Spyctl
      • Notification Target Management using Spyctl
    • Search
      • All Operators
      • All Fields
      • All Related Objects
  • Quick Links
    • Contact Us
    • Try Spyderbat for Free
    • Book a Demo
Powered by GitBook

© SPYDERBAT, Inc., All Rights Reserved

On this page
  • How does Spyderbat collect data?
  • Why do I need to install an agent?
  • What is the impact of the Spyderbat Nano Agent on the system?
  • What operating systems are currently supported?
  • What K8s Distributions are currently supported?
  • What are the Nano Agent’s network requirements?
  • Does the Nano Agent support network proxies?
  • Is information sent securely from the Nano Agent?
  • Does the Nano Agent support systems hosted in AWS?
  • How do I start and stop the Nano Agent from the command line?

Was this helpful?

Export as PDF
  1. Installation

Spyderbat Nano Agent

Nano Agent operational principles, compatibility, network requirements and proxy support, general FAQ

Last updated 1 year ago

Was this helpful?

How does Spyderbat collect data?

Spyderbat collects data by deploying a lightweight “Nano Agent” for Linux based systems. The agent leverages (“extended Berkeley Packet Filter”) filters to build a continuous map of activity within and across systems.

Why do I need to install an agent?

Existing endpoint agents and system logs do not include the necessary information required by Spyderbat to build a complete, living map of causal activity within and across systems. Spyderbat’s Nano Agent is optimized to collect this information so that analysts can see the complete causal attack picture across systems, users, and time.

What is the impact of the Spyderbat Nano Agent on the system?

Spyderbat has observed minimal impact on system resources (CPU, memory), and minimal network bandwidth impact due to heavy compression.

What operating systems are currently supported?

Spyderbat currently supports the following Linux systems:

AlmaLinux 9
x86_64

Amazon Linux 2

x86_64 / ARM64

Amazon Linux 2022

x86_64 / ARM64

Amazon Linux 2023

x86_64

Amazon Linux Bottlerocket

x86_64

CentOS 7 up to 7.6 (with El Repo LT)

x86_64

CentOS 7.6+ (with Kernel 3.10.0-957+)

x86_64

CentOS 8

x86_64

Debian 11

x86_64

Debian 12

x86_64

Flatcar Container Linux (3227.2.1; 3374.2.3)

x86_64

Google Container-Optimized OS (GCOS)

x86_64

Kali 2021.2

x86_64

RHEL 7.6+ (with Kernel 3.10.0-957+)

x86_64

RHEL 8

x86_64

RHEL 9

x86_64

Rocky Linux 8

x86_64

Rocky Linux 9

x86_64

Sangoma 16 (with El Repo LT)

x86_64

Ubuntu 18.04. LTS

x86_64

Ubuntu 20 Desktop

x86_64

Ubuntu 20.04 LTS

x86_64 / ARM64

Ubuntu 20.10

x86_64

Ubuntu 22.04

x86_64

Ubuntu 24.04

x86_64

What K8s Distributions are currently supported?

Spyderbat Nano Agents can be currently installed on the K8s clusters utilizing the following distributions:

K8s Distribution
Node Operating System
Container Runtime

EKS

Amazon Linux 2 Bottlerocket

containerd or Docker

GKE

Ubuntu GCOS

containerd

Rancher K3s

Ubuntu 20 LTS

containerd or Docker

MicroK8s

Ubuntu 22 LTS

containerd

What are the Nano Agent’s network requirements?

Ensure that the systems running the Nano Agent have outbound access on port 443 to https://orc.spyderbat.com.

Does the Nano Agent support network proxies?

Yes. If you have a proxy configured and you have Linux environment variables like:

    https_proxy=:port

The installation script will automatically grab the environment variables from your terminal using the “-E” flag and pass those to the agent as required.

Is information sent securely from the Nano Agent?

Yes. Spyderbat securely encrypts information sent by the Nano Agent to the Spyderbat backend using TLS.

Does the Nano Agent support systems hosted in AWS?

The Nano Agent can be installed on any of the supported systems listed above as virtual or physical machines. Additionally, the Nano Agent collects metadata from AWS instances such as Cloud Tags, Region, Zone etc. To collect this metadata, ensure your AWS instances have an appropriate IAM (read only) role assigned to them such as “AmazonEC2ReadOnlyAccess”, see https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/security-iam-awsmanpol.html

How do I start and stop the Nano Agent from the command line?

To start the Nano Agent:

  sudo systemctl stop nano_agent.service

To stop the Nano Agent:

  sudo systemctl start nano_agent.service
eBPF