Architecture

Enterprise Architecture

The Browsermon ecosystem is designed to monitor and manage browser activity across an enterprise. It ensures seamless integration between the Watchdog server, Browsermon service, and Kafka-based data pipelines, while also supporting advanced threat intelligence capabilities. This architecture allows efficient data handling, monitoring, and visualization through MongoDB and Grafana.

Architecture Diagram

[Figure: Browsermon Architecture]


What's Watchdog

The Watchdog server provides centralized monitoring and management for enterprise deployments of Browsermon. Key features include:

  • Active GUIDs Retrieval: Retrieve active GUIDs of registered controllers for effective monitoring.
  • License Verification: Validate the authenticity of controllers' licenses via a secure API.
  • Mapping and Configuration Delivery: Match controllers to departments based on parameters like label, IP address, hostname, MAC address, and OS. It sends the appropriate configuration from the browsermon-watchdog.conf file along with a valid license message.
  • Key Expiry Management: Set and manage expiry dates for controller keys, ensuring controllers periodically check in to renew keys. The remaining days to expiry are logged for enhanced security and control.

What's ETI Service

The EUNOMATIX Threat Intel (ETI) service is a free offering designed to enhance cybersecurity by leveraging open-source threat intelligence feeds. Key features include:

  • Threat Intelligence Feeds: Collect feeds from open-source channels such as URLhaus and PhishTank, and synchronize them every 24 hours through an automated scheduler to ensure up-to-date threat detection.

  • Data Storage and Access: Store collected URL feeds in an Elasticsearch database running on port 9200 for efficient querying and retrieval.

  • Real-Time Threat Detection: Browsermon controllers interact with the ETI service to identify malicious URLs in real time.

  • Local URL Cache: Maintain a local URL cache to minimize redundant ETI queries, optimizing performance and reducing unnecessary requests.

  • Configurable Cache Settings:
    • Default time-to-live (TTL) of 30 days, customizable in minutes, hours, or days.
    • Default maximum cache size of 1000 URLs, configurable to control memory usage. This can be set between 100 and 5000 URLs.
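The local URL cache described above can be sketched as follows. This is an added example, not Browsermon's own code: the class and function names, the `30d`/`12h`/`45m` TTL syntax, the least-recently-used eviction policy and the `query_eti` callable are all assumptions made for illustration.

```python
import re
import time
from collections import OrderedDict
from datetime import timedelta

UNITS = {"m": "minutes", "h": "hours", "d": "days"}  # assumed unit suffixes


def parse_ttl(text="30d"):
    """Convert a TTL such as '45m', '12h' or '30d' into seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([mhd])\s*", text.lower())
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"invalid TTL: {text!r}")
    return timedelta(**{UNITS[m.group(2)]: int(m.group(1))}).total_seconds()


class UrlVerdictCache:
    """Bounded cache of ETI verdicts; hypothetical stand-in for the controller cache."""

    def __init__(self, ttl="30d", max_size=1000, clock=time.monotonic):
        if not 100 <= max_size <= 5000:  # range stated in the documentation
            raise ValueError("max_size must be between 100 and 5000")
        self.ttl = parse_ttl(ttl)
        self.max_size = max_size
        self.clock = clock  # injectable so expiry can be tested
        self._entries = OrderedDict()  # url -> (verdict, expires_at)
        self.eti_queries = 0  # how many lookups actually reached ETI

    def check(self, url, query_eti):
        """Return the verdict for url, calling query_eti(url) only on a miss."""
        now = self.clock()
        hit = self._entries.get(url)
        if hit and hit[1] > now:  # fresh entry: serve it, mark as recently used
            self._entries.move_to_end(url)
            return hit[0]
        self.eti_queries += 1  # missing or expired: ask the ETI service
        verdict = query_eti(url)
        self._entries[url] = (verdict, now + self.ttl)
        self._entries.move_to_end(url)
        while len(self._entries) > self.max_size:  # evict least recently used
            self._entries.popitem(last=False)
        return verdict

    def __len__(self):
        return len(self._entries)
```

A cached verdict is served until its TTL expires, so with the 30-day default a URL cached as clean is not re-checked even after the 24-hour feed synchronization adds it to the feeds; a shorter TTL trades more ETI queries for faster pickup.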