Spyderbat
Book a DemoStart FreeContact Us
  • Spyderbat Product Docs
  • Getting Started
    • Create an Organization
    • Install the Nano Agent
    • Three Things to Try with Spyderbat Community Edition
    • Manage Users and Roles
  • Installation
    • Spyderbat Nano Agent
      • Kubernetes
        • Pre Deployment Environment Data Collection Script
      • Linux Standalone
      • AWS Unattended Install
        • Secure your Registration Code with AWS Secrets Manager
      • Create a Golden Image with the Nano Agent Pre-Installed
    • Spyderbat AWS Agent
      • AWS Linux VM
      • Kubernetes
      • Configuration Guide - AWS Linux VM
      • Configuration Guide - Kubernetes
    • Install Spyctl CLI
      • Initial Configuration
    • Install Spydertop CLI
    • Install the Spyderbat Event Forwarder
      • Helm Chart
      • Traditional Installer
  • Concepts
    • Guardian & Interceptor
      • Ruleset Policies
      • Workload Policies
    • Flashback (Go Back In Time)
      • Investigations
    • Search
      • Saved Searches
    • Summarize
      • Spydertrace Summarize
    • Dashboards
      • Dashboard Categories
    • Reports
    • Notifications
      • Notification Targets
      • Notification Templates
    • Actions
    • Integrations
      • AWS Integration
      • Spyderbat Event Forwarder
    • Suppression & Tuning
    • Scout (Detections)
      • Custom Flags
  • Tutorials
    • Flashback
      • How to Use the Investigations Feature in Spyderbat
    • Guardian
      • How to Lock Down Your Workloads With Guardian Policies Using Spyctl
      • How to Put Guardrails Around Your K8s Clusters Using Spyctl
    • Integrations
      • How to Configure Event Forwarder Webhook for Panther
      • How to Set Up Spyderbat to Ingest Falco Alerts
      • How to Create and Use a Spyderbat API Key
    • Notifications
      • How to Set Up Notifications Using Spyctl
      • How to Set up Agent-Health Notifications Using Spyctl
    • Dashboards
    • Miscellaneous
      • How to Set Up Spyderbat to Monitor Systems From vulnhub.com
    • Scout (Detections)
      • How to Set Up Custom Flags Using Spyctl CLI
  • Reference
    • Policies
      • Response Actions
    • Rulesets
    • Selectors
    • Notifications
    • Spyctl CLI
      • Spyctl Commands
      • Guardian Policy Management using Spyctl
      • Notification Template Management using Spyctl
      • Notification Target Management using Spyctl
    • Search
      • All Operators
      • All Fields
      • All Related Objects
  • Quick Links
    • Contact Us
    • Try Spyderbat for Free
    • Book a Demo
Powered by GitBook

© SPYDERBAT, Inc., All Rights Reserved

On this page
  • Introduction
  • Step by step guide

Was this helpful?

Export as PDF
  1. Installation
  2. Spyderbat Nano Agent

AWS Unattended Install

Automatic installation of the Spyderbat Nano Agent on an AWS EC2 instance with auto-scaling groups using the instance launch wizard.

Last updated 1 year ago

Was this helpful?

Published: November 19, 2021

Introduction

In this walkthrough, we’ll show how you can install the Spyderbat Nano Agent automatically when an AWS EC2 instance is created – this can be useful particularly for ephemeral instances, such as when leveraging AWS auto scaling groups for example. We’ll walk through creating an EC2 instance in the AWS console using the instance launch wizard, and leverage the ability to pass in user data at instance creation time – for more information about user data and cloud-init, see AWS docs . For installing the Spyderbat Nano Agent in an attended fashion, see the walkthrough guide .

Step by step guide

1) The 1st step is to retrieve the command to install the agent for your organization – click on the “New Source” button in the sources section of the product for your organization

Spyderbat Nano Agent installation on AWS step 1

2) Once you click on this button, you should be launched into the agent installation wizard where you will be presented with a link to install the agent, let’s copy the “wget” version of the install command and save that to the notepad.

4) Go to Instances and use the Launch Instances wizard to request one or more instances.

5) Choose the desired AMI for the new instances and click Select.

6) Choose the desired instance type. Then click Configure Instance Details.

7) At the bottom of the “Configure Instance Details” screen, you will see an “Advanced Details” section with an input box for “User data”

8) In the user data field, we will enter a shell script to run the install command we copied to our notepad, similar to the below (for RedHat family distributions):

#!/bin/bash
yum install - y wget lsof
wget -- quiet - O -
https://orc.spyderbat.com/v1/reg/OMJBdOBVZvzFGEMLgQSt/script | /bin/sh

The 1st line indicates this is a bash shell script, the second line ensures the ‘wget’ and ‘lsof’ utilities are installed, and the 3rd line is the install command you copied from the installation wizard. Note that we have omitted “sudo -E” from the command we copied since the user data script is run as root when the instance boots. For Debian family based distributions, the following can be used:

#!/bin/bash yum install - y wget lsof wget -- quiet - O - https://orc.spyderbat.com/v1/reg/OMJBdOBVZvzFGEMLgQSt/script | /bin/sh

9) Continue with the steps in the install wizard, or jump to Review and Launch if you are done.

10) When the instance is created in AWS, it should now download and install the agent as part of the boot sequence (for reference, the cloud-init output log file is created at /var/log/cloud-init-output.log on the created instance) – note you should ensure the instance(s) that are created have outbound access on port 443 to https://orc.spyderbat.com.

11) Check the “sources” section of the Spyderbat and you should now see your new instance appear in your list of sources.

Spyderbat Nano Agent installation on AWS step 2

3) Now go to the .

Spyderbat Nano Agent installation on AWS step 3

You can leverage the user data in a similar fashion when using other mechanisms to create AWS EC2 instances, for example when specifying a .

AWS EC2 management console
launch template for an Auto Scaling group
Click here for more information about Spyderbat’s Nano Agent
here
here