Spectra Analyze and Spectra Detect Worker
The Spectra Analyze appliance can be configured to rely on the Spectra Detect file processing solution to provide additional sample storage and encryption options to the users.
On the Spectra Analyze side, the options are configured in the Spectra Detect Worker Store Integration section of the System Configuration page.
However, in order for the integration to function properly, Spectra Detect Worker needs to be configured to work with the AWS S3 storage. Additionally, the URL to the Spectra Analyze appliance must be set up on the Worker instance.
Only appliance administrators can access the options to configure Spectra Detect Worker settings.
Optimized AWS S3 Storage
ReversingLabs Spectra Detect has the ability to store processed samples into S3 buckets in an optimized way. Instead of storing dozens of samples individually, Spectra Detect can compress samples and store them as ZIP files while maintaining references to each individual sample for easy access.
Samples stored in this way use SHA1 hashes as filenames. The sample reference URL contains the SHA1 hash, but it can optionally contain the original file name of the sample, too.
Spectra Analyze users can access the reference URLs and use them to import samples from S3 to the appliance. One way of accessing the URLs is via Splunk reports, which are sent by the Spectra Detect Worker instance when the file analysis is complete.
By clicking a sample reference URL in the Splunk report, users can download and extract the samples from a compressed file in S3 onto their Spectra Analyze instance. The Spectra Analyze can perform additional analysis steps, and redirect the users to the Sample Details page of the analyzed sample. If the downloaded sample already exists on the appliance, the Spectra Analyze will recognize this and immediately open the Sample Details page for that sample.
The S3 buckets from which the users intend to fetch samples need to be listed in the appropriate field on the System Configuration page of the Spectra Analyze appliance. If the bucket containing a referenced sample is not listed there, it will not be possible to import the file to the Spectra Analyze appliance.