Collectors are logical entities composed of discovery settings. Users create and then configure them to flow among a Command Center and one or more Scouts, gathering data. The collectors carry indexing/discovery definitions, instantiate and perform passive, active, and targeted discovery, reference interfaces, watch message queues, and transmit collected data back to the Spectre Command Center.
Multiple collectors can work together collaboratively within a zone, collecting and exchanging more network data as a unit than any one of them could alone. Collectors can also be configured to not share information, which is useful when you want to contain the time-to or scope-of discovery, ensure that discovery does not extend out to a classified enclave or the Internet, or more clearly understand what results are generated by a particular collector's activity.
A collector does not probe a network or perform any activity until you enable it. Also, a collector that has not been associated with any discovery settings will not run. Collectors can be associated with either a Command Center or a Scout.
This procedure describes how to add a collector to the Command Center's own internal interface. To enable a collector, just select the Enable Collector checkbox during this procedure. If your system is distributed, you will also need to assign collectors to Scouts.
Complete the modal and click Create.
If you would like the collector to start doing its job as soon as you create it, select the Enable Collector checkbox.
To create a collector and have it ready to run at another time, clear the Enable Collector checkbox. If you are following the QuickStart Guide, leave the Enable Collector box unchecked.
The rescan interval specifies how often the collector is to perform its routine, in minutes.
The interface identifies the Spectre component–Command Center or Scout-- to which you want to associate the collector and is managed in the Spectre application in Settings > Spectre Systems.
To edit a collector, do the following:
Collectors are often defined, used, and reused across a number of zones and by a variety of Spectre users. Consequently, collectors are activated and deactivated as needed, rather than deleted. Deactivate your collectors before upgrading to the next version of Spectre.
Disable a collector as follows: