Skip to main content
Version: Spectra Detect 5.2.1

Introduction

Spectra Detect is a file analysis system with three main parts:

  1. Workers (they perform file analysis)
  2. Hubs (load balancing for Workers)
  3. Managers (configuration and management of Hubs and Workers).

Spectra Detect uses a flexible cluster architecture that scales incrementally to support distributed or centralized file processing across physical and cloud environments. The cluster incrementally scales file processing capacity from 100K to 100M files per day by adding Worker nodes to the cluster.

File analysis

Every Worker contains an instance of Spectra Core, a platform for automated static decomposition and analysis of files. Spectra Core can automatically unpack and extract information from more than 300 PE packer, archive, installation package, firmware image, document, and mobile application formats.

The extracted information includes metadata such as strings, format header details, function names, library dependencies, file segments and capabilities. This information is contained in the Worker analysis report (JSON file).

Management

Spectra Detect Manager is a management platform that enables a centralized view of the status of ReversingLabs appliances, centralized software upgrades, configuration of authorized appliances, and YARA rules deployment.

The Manager functions as a mediator between ReversingLabs appliances connected to it. When YARA rulesets are uploaded to any of the connected appliances that support them, the Manager ensures that the rulesets are synchronized across the board.

Features:

  • Status overview for multiple ReversingLabs product types
  • License management for connected Spectra Analyze and Spectra Detect Worker appliances
  • Control for upgrading Spectra Analyze, Spectra Detect Worker and Hub
  • Centralized YARA rules deployment and synchronization between Spectra Analyze, and Spectra Detect Worker
  • Alerts for critical system services
  • Support for sample search across all connected and authorized Spectra Analyze appliances
  • Configuration modules for centralized management of Spectra Analyze, Spectra Detect Worker and Hub
  • Support for configuring the Connectors service on Spectra Analyze and Spectra Detect appliances
note

The documentation for hosted appliances contains references to configuration options. These configuration options (and more) are available only to on-premises users.