Spherical Defense


This page shows you how to get up and running with AWS CloudFormation.
The simplest installation route is through CloudFormation, which enables you to get up and running with (almost) a single click. The following link will set up a Spherical stack, including an externally facing AWS API Gateway for data ingestion.
You can choose to run the system in front of an underlying service as a reverse proxy, or alternatively in offline mode without any redirection of requests to another service. Offline mode is usually a much better way of getting started. Using CloudFormation as your deployment option also enables easy integration with a number of services.
The stack that is created on your AWS infrastructure looks like this.
Spherical integrates with services in two ways, outbound and inbound. Inbound integrations help get data into a Spherical instance. Outbound integrations help get events out of a Spherical instance for your security team to view. See how to integrate Spherical into your workflow with the following link:

API Gateway

The API Gateway is the component that allows you to process API traffic coming in from the outside world. Spherical can be configured with most API Gateways that enable proxy integrations. This means that the API Gateway will pass forward the entirety of every request that it receives.

Proxy Lambda

This component enables Spherical to get a copy of all traffic moving between your API Gateway and your backend API service. It is very lightweight: it merely loads the HTTP/S request into memory, then sends a copy to the Broker Lambda and the original on to the underlying service.
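
The copy-and-forward flow described above, as an added example that is not Spherical's own code. It assumes the event has the AWS API Gateway (REST) Lambda proxy shape; `send_to_broker` and `forward_to_backend` are hypothetical injected callables, and letting traffic through when the mirror fails is an assumption about the desired behaviour.

```python
import base64
import json

def decode_body(event):
    """Return the raw request body bytes from an API Gateway proxy event."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")

def build_copy(event):
    """Snapshot the parts of the request that the mirror receives."""
    return {
        "method": event.get("httpMethod"),
        "path": event.get("path"),
        "query": event.get("queryStringParameters") or {},
        "headers": dict(event.get("headers") or {}),
        "body_b64": base64.b64encode(decode_body(event)).decode("ascii"),
    }

def make_handler(send_to_broker, forward_to_backend):
    """Build a Lambda handler from two injected callables (hypothetical names).

    In a deployment, send_to_broker could wrap an asynchronous Lambda invoke
    and forward_to_backend an HTTP client call; both are assumptions here.
    """
    def handler(event, context=None):
        copy = build_copy(event)
        try:
            send_to_broker(json.dumps(copy))
        except Exception as exc:
            # Fail open: a mirror failure must not drop production traffic,
            # but it is a monitoring gap, so make it visible in the logs.
            print(f"mirror failed: {exc!r}")
        status, headers, body = forward_to_backend(copy)
        return {"statusCode": status, "headers": headers, "body": body}
    return handler

# Constructed sample event in the API Gateway (REST) proxy integration shape.
SAMPLE_EVENT = {
    "httpMethod": "POST",
    "path": "/orders",
    "queryStringParameters": None,
    "headers": {"Content-Type": "application/json"},
    "body": base64.b64encode(b'{"item": 1}').decode("ascii"),
    "isBase64Encoded": True,
}
```

A mirror failure here only produces a log line, so in practice that log line should feed an alarm: requests that reach the backend without reaching the Broker Lambda are requests the security team never sees.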

Broker Lambda

This component handles the outbound integrations to alerting services like Splunk. It either integrates with the Proxy Lambda directly (when using the AWS API Gateway), or alternatively with the Gateway itself (when using Kong or Apigee). This Lambda forwards API requests to the Spherical instance, and does something with the response.