A tool that provides htop-like functionality for any point in time.

Project description

Spydertop

Spydertop is a tool that provides htop-like functionality for any point in time, on any of your Spyderbat-enabled machines. Utilizing Spyderbat’s kernel-level system monitoring and public APIs, Spydertop allows analysts to look into system anomalies days or even months after they occur.

Demo:

A demo of Spydertop

Quick Start

If you would like to try spydertop without installing it first, you can run the docker image. Example data from the examples directory is included in the docker image.

# to run without arguments
docker run -it spyderbat/spydertop

# to run on an example
docker run -it spyderbat/spydertop -i examples/minikube-sock-shop.json.gz

# to persist settings, or to use a pre-configured Spyderbat API
docker run -it -v $HOME/.config/spydertop:/root/.config/spydertop spyderbat/spydertop [ARGS]

# to run docker with the host's timezone settings
docker run -it -v /etc/localtime:/etc/localtime spyderbat/spydertop [ARGS]

You can also download the bundled executable from the releases page, which includes everything necessary to run spydertop, including a compatible python version!

Installation

Spydertop can be installed from PyPI with pip:

pip install spydertop

If you prefer a manual install, you can download and install the appropriate wheel file or bundled executable (spydertop-bundled-XXX) from the releases page.
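For a manual install, the downloaded wheel can be checked against the SHA256 digest listed for spydertop-1.3.1-py3-none-any.whl under "File hashes" on this page before it is installed. The script below is an added example, not part of the project's documentation; the helper names `sha256_of` and `verify_wheel` are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded wheel against a pinned SHA256 before installing.
# Pin: the SHA256 listed on this page for spydertop-1.3.1-py3-none-any.whl.
SPYDERTOP_WHEEL="spydertop-1.3.1-py3-none-any.whl"
SPYDERTOP_SHA256="833076c7a4b0e121efd7d1d0b048e2805311f5ccb6911205dbc1f139bb9e0806"

# sha256_of FILE: print the hex digest using whichever tool is installed.
# Reading from stdin keeps the filename out of the tool's output.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    fi
}

# verify_wheel FILE EXPECTED_SHA256 (hypothetical helper name)
# returns 0 = digest matches, 1 = mismatch, 2 = unusable input
verify_wheel() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # A truncated or mistyped pin must never be treated as a match.
    case $expected in
        *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA256 mismatch for $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage, assuming the wheel was fetched with
#   pip download --no-deps spydertop==1.3.1
# install only when the digest matches:
#   verify_wheel "$SPYDERTOP_WHEEL" "$SPYDERTOP_SHA256" && pip install "./$SPYDERTOP_WHEEL"
```

The pin covers only the spydertop wheel; dependencies that pip resolves during install are not checked by it. pip's `--require-hashes` mode with a fully pinned requirements file extends the check to them.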

To install from source, clone this repository and run this command inside:

# note: requires setuptools >= 45
pip install .
# pip install -e . # for editable install

On your first run of spydertop, it will guide you through setting up a basic configuration if you do not have one already. If you prefer to set it up yourself, see Configuration.

Usage

Spydertop is called with options specifying the machine to pull from and how that data is collected, and a timestamp. Records will be loaded from the specified machine around that time, and an htop-like view will start at the exact requested time. The relative time selection bar at the bottom or bracket keys ([ or ]) can be used to move forward and backward in time, and the arrow keys, tab key, or mouse can be used to navigate the interface. More usage information is available on the help page (h or <F1>).

As this tool emulates much of HTOP's functionality, more information is also available on the HTOP man page.

Examples

spydertop --help # print usage information

# starts spydertop with the specified machine
# at a point in time 5 days ago
spydertop load -g ORGUID -m MACHINEUID -- -5d

# full example
spydertop load \
        --organization ORGUID \
        --machine MACHINEUID \
        --duration 3m \
        --input cached_input_records.json.gz \
        --output file_to_save_to.json.gz \
        -- 1654303663.600901

Configuration

The current configuration, and its location on disk, can be viewed with

spydertop config get

Spydertop uses the Spyderbat APIs, so it must have access to a valid API key. API keys can be obtained from the API keys page under your Spyderbat account, and configured in spydertop using the spydertop config set-secret command:

spydertop config set-secret mysecret --api-key "$(cat ./apikey.txt)"

When using the load command, spydertop uses a context to determine how to load data. By default, you will have to specify the organization and source every time you start spydertop. However, you can update or create a new context to configure default values:

spydertop config set-context mycontext --secret mysecret --organization ORG_ID --source SOURCE_ID

Your organization ID can be found in the URL for the dashboard, and many other pages. Similarly, the machine ID can be located in the URL of an investigation, or by enabling the ID column in the sources list.

https://api.spyderbat.com/app/org/{ORG_ID_HERE}/dashboard

After creating a context, you can enable it with:

spydertop config use-context mycontext

Development

For development, Spydertop can be installed with the --editable flag in pip. Spydertop works well inside of a Python virtual environment, so using one is recommended.

# in the spydertop repository:

# setup development environment
python -m venv .venv
source .venv/bin/activate

# install spydertop for development
pip install --editable .

In the virtual environment, after editing and saving a file, the spydertop command will automatically be updated.

See the Project Structure for a walk through of Spydertop's code base.

Debugging

If you are using VSCode, launch.json is configured to run Spydertop with the python extension's debugger. This runs the module as a python file instead of through the command line, so command line arguments can be added in __init__.py.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distribution

spydertop-1.3.1-py3-none-any.whl (92.1 kB view details)

Uploaded Python 3

File details

Details for the file spydertop-1.3.1-py3-none-any.whl.

File metadata

  • Download URL: spydertop-1.3.1-py3-none-any.whl
  • Upload date:
  • Size: 92.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.4

File hashes

Hashes for spydertop-1.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 833076c7a4b0e121efd7d1d0b048e2805311f5ccb6911205dbc1f139bb9e0806
MD5 8a850d05c0a4c7eec481f011902cc879
BLAKE2b-256 a8fbd66f566e11dcdee636451676e17fc4262a2e078dbb726720cff939d372b7

See more details on using hashes here.
