Architecture

Enterprise Architecture

The Browsermon ecosystem is designed to monitor and manage browser activity across an enterprise. It ensures seamless integration between the Watchdog server, Browsermon service, and Kafka-based data pipelines, while also supporting advanced threat intelligence capabilities. This architecture allows efficient data handling, monitoring, and visualization through MongoDB and Grafana.

Architecture Diagram

Browsermon Architecture


What's Watchdog

The Watchdog server provides centralized monitoring and management for enterprise deployments of Browsermon. Key features include:

  • Active GUIDs Retrieval: Retrieve active GUIDs of registered controllers for effective monitoring.
  • License Verification: Validate the authenticity of controllers' licenses via a secure API.
  • Mapping and Configuration Delivery: Match controllers to departments based on parameters like label, IP address, hostname, MAC address, and OS. It sends the appropriate configuration from the browsermon-watchdog.conf file along with a valid license message.
  • Key Expiry Management: Set and manage expiry dates for controller keys, ensuring controllers periodically check in to renew keys. Logs remaining days to expiry for enhanced security and control.

What's ETI Service

The EUNOMATIX Threat Intel (ETI) service is a free offering designed to enhance cybersecurity by leveraging open-source threat intelligence feeds. Key features include:

  • Threat Intelligence Feeds: Collect feeds from open-source channels such as URLhaus and PhishTank, and synchronize them every 24 hours through an automated scheduler to ensure up-to-date threat detection.

  • Data Storage and Access: Store collected URL feeds in an Elasticsearch database running on port 9200 for efficient querying and retrieval.

  • Real-Time Threat Detection: Browsermon controllers interact with the ETI service to identify malicious URLs in real time.

  • Local URL Cache: Maintain a local URL cache to minimize redundant ETI queries, optimizing performance and reducing unnecessary requests.

  • Configurable Cache Settings:
    • Default time-to-live (TTL) of 30 days, customizable in minutes, hours, or days.
    • Default maximum cache size of 1000 URLs, configurable to control memory usage. This can be set between 100 and 5000 URLs.
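
A bounded, TTL-based cache placed in front of a threat-intelligence lookup, following the cache settings listed above. This is an added sketch, not Browsermon's own code: the class name, the least-recently-used eviction policy, the stand-in lookup and the sample URLs are assumptions; only the defaults (30 days, 1000 URLs) and the 100 to 5000 range come from this page.

```python
import time
from collections import OrderedDict

DEFAULT_TTL_SECONDS = 30 * 24 * 3600   # page default: 30 days
DEFAULT_MAX_URLS = 1000                # page default: 1000 URLs
MIN_URLS, MAX_URLS = 100, 5000         # page range for the cache size

class UrlVerdictCache:
    """Bounded TTL cache in front of a threat-intel lookup (hypothetical class)."""
    def __init__(self, lookup, ttl=DEFAULT_TTL_SECONDS, max_urls=DEFAULT_MAX_URLS,
                 clock=time.monotonic):
        if not MIN_URLS <= max_urls <= MAX_URLS:
            raise ValueError(f"max_urls must be between {MIN_URLS} and {MAX_URLS}")
        if ttl <= 0:
            raise ValueError("ttl must be positive")
        self._lookup, self._ttl, self._max, self._clock = lookup, ttl, max_urls, clock
        self._entries = OrderedDict()   # url -> (verdict, expires_at), oldest use first
        self.upstream_queries = 0       # how many lookups actually left the host

    def check(self, url):
        now = self._clock()
        hit = self._entries.get(url)
        if hit is not None and hit[1] > now:
            self._entries.move_to_end(url)      # mark as recently used
            return hit[0]
        # Miss or expired entry: ask the upstream service and store the verdict.
        self.upstream_queries += 1
        verdict = self._lookup(url)
        self._entries[url] = (verdict, now + self._ttl)
        self._entries.move_to_end(url)
        while len(self._entries) > self._max:   # assumption: evict least recently used
            self._entries.popitem(last=False)
        return verdict

    def __len__(self):
        return len(self._entries)

def demo():
    """Constructed input: a stand-in lookup and a fake clock, no network access."""
    now = [0.0]
    cache = UrlVerdictCache(lambda u: "bad.example" in u, ttl=60, max_urls=100,
                            clock=lambda: now[0])
    first = cache.check("http://bad.example/login")    # upstream query 1
    second = cache.check("http://bad.example/login")   # served from the cache
    now[0] = 61.0                                      # the entry has now expired
    third = cache.check("http://bad.example/login")    # upstream query 2
    for i in range(150):                               # overflow the 100-entry cap
        cache.check(f"http://site{i}.example/")
    return first, second, third, cache.upstream_queries, len(cache)
```

In a cache like this one, a verdict stays fixed until its entry expires or is evicted, so a URL that enters the feeds after being cached as clean is not flagged until then; a shorter TTL narrows that window at the cost of more upstream queries.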

What's UCS Service

UCS Architecture

The EUNOMATIX URL Classification Service (UCS) provides deep insight into the nature of web traffic by identifying the type and category of websites accessed within an organization.

  • Advanced Content Analysis with LLMs: The UCS leverages a Large Language Model (LLM) pipeline to analyze the actual content of web pages. Unlike traditional tools that rely on domain patterns or blacklists, UCS deeply understands webpage context, purpose, and nuance, enabling it to classify even newly registered or previously unknown domains accurately.

  • Behavioral and Productivity Insights: By categorizing website visits into distinct groups like Gambling, Social Media, News, and Adult, UCS helps organizations detect unusual browsing patterns, such as increased visits to risky or distracting sites. This allows security teams to spot potential threats and HR departments to monitor employee productivity more effectively.

  • UCS API: UCS includes a built-in, secure API that allows Watchdog clients to pull the latest domain classification updates on a daily basis. Each pull is incremental, meaning clients only receive domain classifications that are new or modified since their last sync, reducing bandwidth usage and ensuring efficient updates.

  • Air-Gapped Networks: UCS supports offline and air-gapped environments by packaging the latest classification dataset with each BrowserMon release. When ucs_updates is turned off, this index snapshot is automatically restored on installation without any external connection, ensuring continued functionality. This makes UCS a flexible solution for both connected and isolated, high-security environments.