Skip to main content
Version: Spectra Analyze 9.2.2

Configuration Management using Spectra Detect Manager

ReversingLabs Spectra Detect Manager allows users to create groups of pre-configured settings, and apply those settings to selected ReversingLabs appliances. This feature makes it possible to configure multiple appliances from one central point, and to ensure they all have consistent and correct settings.

If a Spectra Analyze appliance is authorized and connected to a Spectra Detect Manager instance, it can be managed via the Central Configuration page on the Manager. Spectra Analyze appliances managed by the Spectra Detect Manager will have the option to disconnect the appliance from the manager in the top right corner of the Administration > Configuration section. Clicking the Disconnect button breaks the connection to the Spectra Detect Manager and reconfigures Spectra Analyze.

Additionally, it is possible to confirm that the appliances are properly connected by checking the Spectra Detect Manager status on the System Status page, under External services Connectivity.

The same SNMP community string configured on the appliance (in the Administration ‣ Configuration ‣ SNMP dialog) must be used when adding the appliance to the Spectra Detect Manager instance (in the Add new appliance or Configure appliance dialog). This ensures that Spectra Detect Manager can display the appliance status information correctly, and that changes saved on the Manager can be propagated to the appliance.

When settings are managed by the Spectra Detect Manager, the configuration dialog for those settings will indicate they are configured by the Manager. Although those settings will still be editable, it will not be possible to overwrite them as long as the appliance is managed externally.

Section of the System configuration page with highlighted Spectra Manager indicator

When configuration values are changed on Spectra Detect Manager for a group that the appliance belongs to, the appliance will be restarted.

Once the appliance is removed from a configuration group on Spectra Detect Manager, settings in the System Configuration section become editable again. The settings configured while the appliance was in a configuration group remain active. For example, if System Alerting settings were modified via the Manager, those same settings will be still active until manually modified by the appliance administrator.

The Spectra Detect Manager Central Configuration feature can be used to manage the following settings on ReversingLabs Spectra Analyze appliances:

Spectra Intelligence - Multiple Spectra Analyze instances should not be configured to use the same cloud account, as this can interfere with appliance functionality, and particularly with YARA ruleset synchronization. It is advised to use these settings only if there is just one Spectra Analyze appliance in the configuration group.

T1000 File Reputation Appliance

SMTP

SNMP

Cuckoo Integration

User Directory

System Time

Spectra Detect Worker Store Integration

System Alerting