Skip to main content

2024.12.22 Release Note

· 5 min read

This release brings more observability, stability and diversity on Spider agents:

  • Remote logs access
  • Backoff on failed attachments
  • Local agents

It also restores UDP capture that was failing lately.

Upgrade risk

info
  • No compatibility issue 👍
  • No breaking changes 👍

Key changes

  • Controllers have increased their observability to watch Sidecars and Gociphers, and access logs of all Spider agents.
  • UDP capture is working again ;)
  • Local agents

How to upgrade

  1. Use Helm chart 4.4.2 from repository
  2. Adjust global.version field value to 2024.12.22 in your values.yaml
  3. Deploy
tip

See Reference documentation for details.

Versions

Spider

New versions of Spider components:

ComponentVersionDocker tag
Helm chart4.4.2-
Analysis UI11.42024.12.22
Controllers1.72024.12.22
Gossipers7.32024.12.22
Gociphers1.32024.12.22
Back office-2024.12.22
Login UI-2024.12.22
Monitoring UI-2024.12.22

Dependencies

These components are set up in the correct versions by the Helm chart:

DependencyVersionDocker tag
Elastic stack7.17.47.17.4
Redis77-alpine
Traefik2.112.11

Compatibility

Spider has been successfully tested under these versions of dependencies:

3rd party softwareVersion
Helm3.14
Kube1.24 - 1.28

List of changes

Helm chart

✨ New features
  • WHISPERER env variable on Whisperer sidecars
  • APIs to get logs from Controllers
  • GOCIPHER & CONTROLLER env variables for Gociphers
  • Local agents flags
  • Optimised resources requests and limits
⚙️ Improvements
🐞 Bug fixes

Analysis UI

✨ New features
  • Controller Sidecars tab - List Sidecar Whisperers seen by the Controller
  • Controller Gociphers tab - List Gociphers seen by the Controller
  • Fetching logs from Controller, Attachments, Sidecar Whisperers and Gociphers in Controller details tabs
  • A parser has been added in the Content tba of Packets details.
    • DNS over UDP parsing is the first available.
  • Option for Administrators to create local/own Agents for users: Controller, Gocipher & Whisperer. For local usage.
    • New Attributes section on user profile to track if user has own agents.
⚙️ Improvements
  • 95 percentile column has been added in stats tables
  • You may now activate/deactivate the automatic refresh by long clicking on the refresh icon
  • When active, the refresh icon is blue
🐞 Bug fixes
  • A race conditions when deleting or adding stats configuration while refreshing stats has been fixed. It was putting the stat panel in error on refresh.

Controllers

✨ New features
  • Track Gociphers & Sidecar Whisperers
  • Allow getting logs from Controller, Attachments, Sidecars & Gociphers
  • Provide Sidecar Whisperers to Gociphers to allow TLS deciphering on their captured data
  • When an Ephemeral Whisperer fails twice in 5 minutes, the Controller stops restarting it to avoid overloading the POD manifest
⚙️ Improvements
🐞 Bug fixes
  • Fix reconnection when Controls restarts

Gossipers (Whisperers)

✨ New features
  • Check for server Ip change and restart Capture in such a case
  • Manage several Ips for Spider server
⚙️ Improvements
  • Avoid restarting when DNS calls fails (when contacting Controller)
  • Decode UDP layer src and dst ports
🐞 Bug fixes

Gociphers

✨ New features
  • TLS capture of Pods being watched by Sidecar Whisperers
⚙️ Improvements
  • List of default OpenSSL path completed
🐞 Bug fixes

Back office

✨ New features
  • New Controls APIs to:
    • Get logs from Controllers, Gociphers, Sidecar whisperers & Ephemeral Whisperers
    • Get listing of Gociphers & Sidecar Whisperers seen by the Controller
⚙️ Improvements
🐞 Bug fixes

Login UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Monitoring UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Online documentation

Updated parts:

API impacts

note

This section informs about any impact on Spider API, so you may adjust your scripts.

Data impacts

note

The table below tells if there are data mapping changes in Elasticsearch indices, associated or not with migrations (Yes ✅ / No ❌).
Migration are automated at upgrade time, but they leave unattended indices that you have to remove manually.

IndexDescriptionMigration
spider-whispAdded isLocalAgent flag
spider-ciphersAdded isLocalAgent flag
spider-controlsAdded isLocalAgent flag
spider-customersAdded hasLocalAgents flag