Architecture
Enterprise Architecture
The Browsermon ecosystem is designed to monitor and manage browser activity across an enterprise. It ensures seamless integration between the Watchdog server, Browsermon service, and Kafka-based data pipelines, while also supporting advanced threat intelligence capabilities. This architecture allows efficient data handling, monitoring, and visualization through MongoDB and Grafana.
Architecture Diagram
What's Watchdog
The Watchdog server provides centralized monitoring and management for enterprise deployments of Browsermon. Key features include:
- Active GUIDs Retrieval: Retrieve active GUIDs of registered controllers for effective monitoring.
- License Verification: Validate the authenticity of controllers' licenses via a secure API.
- Mapping and Configuration Delivery: Match controllers to departments based on parameters like label, IP address, hostname, MAC address, and OS. It sends the appropriate configuration from the browsermon-watchdog.conf file along with a valid license message.
- Key Expiry Management: Set and manage expiry dates for controller keys, ensuring controllers periodically check in to renew keys. Logs remaining days to expiry for enhanced security and control.
What's ETI Service
The EUNOMATIX Threat Intel (ETI) service is a free offering designed to enhance cybersecurity by leveraging open-source threat intelligence feeds. Key features include:
- Threat Intelligence Feeds: Collect feeds from open-source channels such as URLhaus and Phishtank and synchronize feeds every 24 hours through an automated scheduler to ensure up-to-date threat detection.
- Data Storage and Access: Store collected URL feeds in an Elasticsearch database running on port 9200 for efficient querying and retrieval.
- Real-Time Threat Detection: Browsermon controllers interact with the ETI service to identify malicious URLs in real time.
- Local URL Cache: Maintain a local URL cache to minimize redundant ETI queries, optimizing performance and reducing unnecessary requests.
- Configurable Cache Settings:
  - Default time-to-live (TTL) of 30 days, customizable in minutes, hours, or days.
  - Default maximum cache size of 1000 URLs, configurable to control memory usage. This can be set between 100 and 5000 URLs.
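The local URL cache described above can be sketched as a bounded TTL cache placed in front of the ETI lookup. This is an added example, not Browsermon's own code: the class and function names, the injected lookup callable, and the least-recently-used eviction policy are assumptions, while the defaults and limits are the ones stated on this page.

```python
import time
from collections import OrderedDict

# Defaults and limits as stated on this page.
DEFAULT_TTL_SECONDS = 30 * 86400      # 30 days
DEFAULT_MAX_URLS = 1000
MIN_URLS, MAX_URLS = 100, 5000
UNIT_SECONDS = {"minutes": 60, "hours": 3600, "days": 86400}


def ttl_seconds(value, unit):
    """Convert a TTL given in minutes, hours or days to seconds."""
    if unit not in UNIT_SECONDS or value <= 0:
        raise ValueError(f"invalid TTL: {value} {unit}")
    return value * UNIT_SECONDS[unit]


class UrlVerdictCache:
    """Bounded TTL cache in front of a remote URL lookup (hypothetical class)."""

    def __init__(self, lookup, ttl=DEFAULT_TTL_SECONDS,
                 max_urls=DEFAULT_MAX_URLS, clock=time.time):
        if not MIN_URLS <= max_urls <= MAX_URLS:
            raise ValueError(f"max_urls must be {MIN_URLS}-{MAX_URLS}")
        self._lookup, self._ttl, self._max = lookup, ttl, max_urls
        self._clock = clock
        self._entries = OrderedDict()   # url -> (verdict, expires_at)
        self.remote_queries = 0         # lookups that reached the service

    def __len__(self):
        return len(self._entries)

    def check(self, url):
        """Return True if the URL is listed as malicious."""
        now = self._clock()
        hit = self._entries.get(url)
        if hit is not None and hit[1] > now:
            self._entries.move_to_end(url)      # mark as recently used
            return hit[0]
        verdict = self._lookup(url)             # miss or expired: ask the service
        self.remote_queries += 1
        self._entries[url] = (verdict, now + self._ttl)
        self._entries.move_to_end(url)
        while len(self._entries) > self._max:   # assumed policy: evict LRU
            self._entries.popitem(last=False)
        return verdict
```

In this sketch a cached verdict is reused until its TTL expires, so a URL that enters the feed after it was cached as clean is only re-checked once that entry expires or is evicted.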