2024.12.22 Release Note

This release brings more observability, stability and diversity on Spider agents:

• Remote logs access
• Backoff on failed attachments
• Local agents

It also restores UDP capture that was failing lately.

Upgrade risk

info

• No compatibility issue 👍
• No breaking changes 👍

Key changes

• Controllers have increased their observability to watch Sidecars and Gociphers, and access logs of all Spider agents.
• UDP capture is working again ;)
• Local agents

How to upgrade

1. Use Helm chart 4.4.2 from repository
2. Adjust global.version field value to 2024.12.22 in your values.yaml
3. Deploy

tip

See Reference documentation for details.

Versions

Spider

New versions of Spider components:

Component	Version	Docker tag
Helm chart	4.4.2	-
Analysis UI	11.4	2024.12.22
Controllers	1.7	2024.12.22
Gossipers	7.3	2024.12.22
Gociphers	1.3	2024.12.22
Back office	-	2024.12.22
Login UI	-	2024.12.22
Monitoring UI	-	2024.12.22

Dependencies

These components are set up in the correct versions by the Helm chart:

Dependency	Version	Docker tag
Elastic stack	7.17.4	7.17.4
Redis	7	7-alpine
Traefik	2.11	2.11

Compatibility

Spider has been successfully tested under these versions of dependencies:

3rd party software	Version
Helm	3.14
Kube	1.24 - 1.28

List of changes

Helm chart

✨ New features	WHISPERER env variable on Whisperer sidecars APIs to get logs from Controllers GOCIPHER & CONTROLLER env variables for Gociphers Local agents flags Optimised resources requests and limits
⚙️ Improvements
🐞 Bug fixes

Analysis UI

✨ New features	Controller Sidecars tab - List Sidecar Whisperers seen by the Controller Controller Gociphers tab - List Gociphers seen by the Controller Fetching logs from Controller, Attachments, Sidecar Whisperers and Gociphers in Controller details tabs A parser has been added in the Content tba of Packets details. DNS over UDP parsing is the first available. Option for Administrators to create local/own Agents for users: Controller, Gocipher & Whisperer. For local usage. New Attributes section on user profile to track if user has own agents.
⚙️ Improvements	95 percentile column has been added in stats tables You may now activate/deactivate the automatic refresh by long clicking on the refresh icon When active, the refresh icon is blue
🐞 Bug fixes	A race conditions when deleting or adding stats configuration while refreshing stats has been fixed. It was putting the stat panel in error on refresh.

Controllers

✨ New features	Track Gociphers & Sidecar Whisperers Allow getting logs from Controller, Attachments, Sidecars & Gociphers Provide Sidecar Whisperers to Gociphers to allow TLS deciphering on their captured data When an Ephemeral Whisperer fails twice in 5 minutes, the Controller stops restarting it to avoid overloading the POD manifest
⚙️ Improvements
🐞 Bug fixes	Fix reconnection when Controls restarts

Gossipers (Whisperers)

✨ New features	Check for server Ip change and restart Capture in such a case Manage several Ips for Spider server
⚙️ Improvements	Avoid restarting when DNS calls fails (when contacting Controller) Decode UDP layer src and dst ports
🐞 Bug fixes

Gociphers

✨ New features	TLS capture of Pods being watched by Sidecar Whisperers
⚙️ Improvements	List of default OpenSSL path completed
🐞 Bug fixes

Back office

✨ New features	New Controls APIs to: Get logs from Controllers, Gociphers, Sidecar whisperers & Ephemeral Whisperers Get listing of Gociphers & Sidecar Whisperers seen by the Controller
⚙️ Improvements
🐞 Bug fixes

Login UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Monitoring UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Online documentation

Updated parts:

• Refresh tool
• Monitoring a Controller
• Listing deployed agents
• Quickstart
• List of features
• Captured data / Packets

API impacts

note

This section informs about any impact on Spider API, so you may adjust your scripts.

• New Controls API to:
  • List Sidecars and Gociphers.
  • Get Logs from Attachments, Controller, Sidecars and Gociphers.

Data impacts

note

The table below tells if there are data mapping changes in Elasticsearch indices, associated or not with migrations (Yes ✅ / No ❌).
Migration are automated at upgrade time, but they leave unattended indices that you have to remove manually.

Index	Description	Migration
spider-whisp	Added isLocalAgent flag	✅
spider-ciphers	Added isLocalAgent flag	✅
spider-controls	Added isLocalAgent flag	✅
spider-customers	Added hasLocalAgents flag	✅