Comment on page
September 27, 2023
Adding Spyctl tool and Guardian functionality into the UI, adding better identification and display of the K8s cluster information, improving search accuracy by indexing additional fields.
- Spyctl tool and Guardian functionality are now available in the UI
Guardian is one of the four functional pillars of the Spyderbat platform, which main objective is to allow continuous monitoring of running applications and their comparison against prior versions to recognize drift, and offer the opportunity to take immediate action to mitigate and prevent it.
Until recently, Guardian functionality was available exclusively as a CLI tool also known as Spyctl, which was used to gather auto-generated fingerprints, use them to create a service baseline policy, apply that policy and start detecting deviations. Today, most of the essential steps of this workflow can be executed in the Spyderbat UI within the Guardian section, which is located in the left-hand navigation panel:
You can handpick the desired fingerprints using facets to sort and filter as needed, create a policy, view and edit it, set into desired policy mode and apply:
- Significantly improved accuracy of cluster name identification and better visualization of the node association with a specific cluster within monitoring scope, as it is displayed in the Sources and Agent Health sections of the UI.
- Improved Search accuracy by adding core fields to the indexed library, including remote_hostname (now indexed on model_connection), policy_uid and policy_name (now indexed on event_redflag).
Here is an example of a Search query using one of the newly indexed fields: