Version: Spectra Detect 5.7.0

Introduction

Spectra Detect is a file analysis system available in three deployment configurations:

  • OVA/AMI deployment: traditional virtual machine deployment with Workers, Hubs, and Spectra Detect Manager (SDM).
  • K8s Mono deployment: containerized version of the OVA deployment with Workers, Hubs, and SDM running as pods, supporting horizontal scaling.
  • K8s Micro deployment: redesigned architecture where traditional Workers and Hubs are decomposed into specialized microservices.
    • Workers are broken down into individual processing components.
    • Hub functionality is currently supported only for S3 connector integration.
    • SDM is not included in this preview release.

Spectra Detect uses a flexible cluster architecture that supports distributed or centralized file processing across physical and cloud environments. File processing capacity scales incrementally from 100K to 100M files per day by adding Worker nodes.

File analysis

In OVA/AMI and K8s Mono deployments, every Worker contains an instance of Spectra Core, a platform for automated static decomposition and analysis of files.

In K8s Micro deployment, the Spectra Core functionality is distributed across multiple microservice components that work together to analyze files.

Spectra Core can automatically unpack and extract information from more than 300 PE packers, archives, installation packages, firmware images, documents, and mobile application formats.

The extracted information includes metadata such as strings, format header details, function names, library dependencies, file segments, and capabilities. This information is contained in the Worker analysis report (JSON file).

Management

Spectra Detect Manager (SDM) is a management platform that provides a centralized view of the status of ReversingLabs appliances, centralized software upgrades, configuration of authorized appliances, and YARA rules deployment.

Info: SDM is available in OVA/AMI and K8s Mono deployments, but is not included in the K8s Micro deployment preview (v5.7).

Note: Spectra Detect appliances can be configured using the GUI and APIs, while Spectra Analyze configuration is supported through APIs only.

The Manager functions as a mediator between ReversingLabs appliances connected to it. When YARA rulesets are uploaded to any of the connected appliances that support them, the Manager ensures the rulesets are synchronized across all applicable appliances.

Features:

  • Status overview for multiple ReversingLabs product types
  • License management for connected Spectra Analyze and Spectra Detect Worker appliances
  • Control for upgrading Spectra Analyze, Spectra Detect Worker and Hub
  • Centralized YARA rules deployment and synchronization between Spectra Analyze and Spectra Detect Worker
  • Alerts for critical system services
  • Support for sample search across all connected and authorized Spectra Analyze appliances
  • Configuration modules for centralized management of Spectra Analyze, Spectra Detect Worker and Hub
  • Support for configuring the Connectors service on Spectra Analyze and Spectra Detect appliances

Note: The documentation for hosted appliances contains references to configuration options. These configuration options (and more) are available only to on-premises users.