Whisperers management

Concept

Spider Whisperers are agents used to capture communications for analysis in Spider.

They are installed on the system to observe:

• Physical machines
• Virtual machines
• Kubernetes PODs
• Docker containers

They are managed on the User Interface, and used as the main criteria to select the data to see.
You may have as many Whisperers as you need. There is no - known - limit of the Whisperers managed by the system.
A Whisperer may have as many replicas as needed to monitor a distributed system.

How does it work?

A Whisperer:

• Is deployed as a container
  • As code using Helm or Docker compose or...
  • By the UI, through Controllers
  • Or manually / by script
• Identifies itself with a keypair contained in its initial configuration
• Discovers network interfaces of the host
• Get its configuration regularly on the backend
• Update its status regularly on the backend
• Captures network communication on the (virtual) network interface exposed by the system
• Applies filtering on the capture with pcap filters
• Resolves the hostnames behind the IP addresses of the captured communications
• Sends packets, TCP sessions and resolves hosts to the backend for streaming parsing
• Sends regular statistics of its processing for monitoring

Content

This documentation describes:

• Creating a Whisperer
• Selecting a Whisperer
• Configuring a Whisperer
• Sharing a Whisperer access
• Installing a Whisperer
• Starting capture of a Whisperer
• Whisperer statuses
• Monitoring a Whisperer
• Deleting a Whisperer