
Config Reference

Config Push Protocol

Users can customize the information the controller sends so that it receives different settings based on its department. The information should include fields such as guid, hostname, version, ip_addresses, mac_address, os, and label.

watchdog_config

  1. Label Matching: This is the highest priority. If the controller's label field matches the label specified in the mappings.conf file, the department associated with that label is selected immediately.
  2. Hostname Matching: If no label match is found, the system checks if the controller's hostname matches the pattern defined for a department. A wildcard (*) can be used in the hostname pattern to allow for partial matching.
  3. IP Address Matching: If neither label nor hostname matches, the IP address is compared. The controller's IP addresses are checked to see if any of them fall within the subnet ranges specified for a department.
  4. MAC Address Matching: If the IP address does not match, the system will try to match the controller's MAC address using a pattern that can include wildcards.
  5. Operating System (OS) Matching: As the last option, the controller's OS is compared against the OS specified for the department. The system performs a partial match if a wildcard (*) is used, ensuring that different versions of the same OS can be grouped together.

The matching process is not case-sensitive.

The process follows a first-match-wins strategy. As soon as a match is found, the department associated with that match is selected, and the remaining conditions are ignored.

Example Workflow of Matching

Here’s a simple example to illustrate how the matching process works:

  • Controller Information:
      • Label: "hr"
      • Hostname: "newyork-hr1"
      • IP Addresses: ["123.11.219.5"]
      • MAC Address: "23:ab:123:45:67:89"
      • OS: "linux"

  • Matching Process:
      • Label Matching: The system checks the label "hr". It finds that the HR department has a matching label, so it immediately selects the HR department.
      • Hostname, IP, MAC, and OS: Since the label matched, the system does not proceed to check the other conditions (hostname, IP, MAC, or OS).

The HR department is selected based on the label match, even though other conditions might also match.
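The first-match-wins procedure above, implemented as an added example (this is not the project's own matcher). It parses a constructed copy of the mappings.conf shown on this page with the standard library, walks the five criteria in priority order and departments in file order, and returns which department and which criterion produced the match; hostname, MAC and OS use wildcard (*) patterns and every comparison is case-insensitive.

```python
import configparser
import ipaddress
from fnmatch import fnmatchcase

# Constructed copy of the mappings.conf on this page (blank lines dropped).
MAPPINGS_CONF = """[Staff]
host=austin-*
label=staff
os=windows
[HR]
host=newyork-*
os=linux
label=hr
address=123.11.219.0/24
mac=23:ab:123:*
[Accounts]
host=sunnyvale-*
os=linux
[CEO]
host=chicago-ceo*
label=ceo
os=windows
"""
MAPPINGS = configparser.ConfigParser()
MAPPINGS.read_string(MAPPINGS_CONF)

def _wild(pattern, value):
    # Wildcard (*) comparison, not case-sensitive; an absent key never matches.
    return pattern is not None and fnmatchcase(value.lower(), pattern.lower())

def _in_subnet(cidr, addresses):
    # True if any controller address falls inside the department's subnet.
    return cidr is not None and any(ipaddress.ip_address(a) in ipaddress.ip_network(cidr, strict=False) for a in addresses)

# Criteria in the page's priority order; each receives (department, controller).
CRITERIA = (
    ("label", lambda d, c: d.get("label") is not None and d["label"].lower() == c["label"].lower()),
    ("hostname", lambda d, c: _wild(d.get("host"), c["hostname"])),
    ("ip", lambda d, c: _in_subnet(d.get("address"), c["ip_addresses"])),
    ("mac", lambda d, c: _wild(d.get("mac"), c["mac_address"])),
    ("os", lambda d, c: _wild(d.get("os"), c["os"])),
)

def select_department(controller, cp=MAPPINGS):
    """First-match-wins: walk criteria in order, then departments in file order."""
    for criterion, matches in CRITERIA:
        for dept in cp.sections():
            if matches(cp[dept], controller):
                return dept, criterion
    return None, None
```

Because the outer loop is over criteria, a controller whose hostname matches Staff but whose label matches CEO is placed in CEO; a controller matching nothing stays unassigned rather than falling into the first section.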

mappings.conf

This file contains mappings for different departments, specifying conditions like the hostname pattern, label, operating system, IP address range, and MAC address pattern.

# mappings.conf
# File to define groups for the browsermon controllers
# based on any criteria (guid, hostname, mac, version, ip, os, label)

[Staff]
host=austin-*
label=staff
os=windows

[HR]
host=newyork-*
os=linux
label=hr
address=123.11.219.0/24
mac=23:ab:123:*

[Accounts]
host=sunnyvale-*
os=linux

[CEO]
host=chicago-ceo*
label=ceo
os=windows

watchdog.conf

Watchdog relies on the watchdog.conf configuration file for essential settings. Here are the key configuration parameters:

  • MODE: Set the mode to either ‘local’ or ‘cloud’ based on your deployment.
  • BMKEY: Provide the Base64-encoded license key.
  • AUTHCODE: Add the Base64-encoded authorization code.
  • BLACKLIST: Specify the blacklist configuration.
  • LOGDIR: Path to your log directory.
  • LOGLEVEL: Set the desired log level. Set it to DEBUG if the program doesn’t work the intended way.
  • MAXBYTES: Set the rotation size of the logs in bytes (default: 5242880).
  • BACKUPCOUNT: Set the number of rotated log copies to keep (default: 5).
  • LIMIT: Enable rate limiting.
  • RATE: The rate at which the API is accessible.
  • CERTFILE: Path to the SSL certificate file.
  • KEYFILE: Path to the SSL key file.

browsermon.conf

[server]
watchdog_ip=0.0.0.0
watchdog_port=5601
[installation]
install_dir=C:\\browsermon
[eti]
host=localhost
port=9200
username=browsermon
password=qwerty
index=threat_index
[default]
browser=firefox
mode=scheduled
schedule_window=1m
logdir=C:\\browsermon\\history
logmode=csv
rotation=1h
backup_count=0
log_level=DEBUG
kafka_mode=true
kafka_server_url=localhost:9092
eti_mode=false
cache_ttl=30d
cache_max_size=1000
machine_label=DefaultLabel

browsermon-watchdog.conf

This file defines the settings for each department, including the browser type, mode, schedule window, log directory, log mode, rotation interval, Kafka mode, elastic_search_mode, cache_ttl and cache_max_size.

[HR]
browser=firefox
mode=scheduled
schedule_window=1m
logdir=/opt/browsermon/logs
logmode=json
rotation=1h
kafka_mode=false
eti_mode=false
cache_ttl=30d
cache_max_size=1000

[Accounts]
browser=chrome
mode=scheduled
schedule_window=1m
logdir=/opt/browsermon/logs
logmode=csv
rotation=1h
kafka_mode=true
eti_mode=false
cache_ttl=30d
cache_max_size=1000

[CEO]
browser=firefox
mode=scheduled
schedule_window=1m
logdir=C:\\browsermon\\history
logmode=csv
rotation=1h
kafka_mode=true
eti_mode=false
cache_ttl=30d
cache_max_size=1000

Configuration Explanation

  • watchdog_ip: IP address of the Watchdog server.
  • watchdog_port: Port number where Watchdog service listens for connections.
  • install_dir: Directory into which browsermon is installed.
  • host: eti server hostname or IP address
  • port: Port number on which eti is listening
  • username: Username for eti authentication
  • password: Password for eti authentication
  • index: Name of the eti index where threat intel data will be fetched from
  • browser: Specifies the browser(s) to monitor, such as Firefox, Chrome, or Edge.
  • mode: Determines whether BrowserMon operates in scheduled mode (default) or real-time mode.
  • schedule_window: Sets the interval between each browser data collection iteration.
  • logdir: Defines the directory where browser history log files are stored.
  • logmode: Specifies the format of the history log files (CSV or JSON).
  • rotation: Sets the interval for rotating history log files.
  • backup_count: Defines the number of backup copies of history log files to retain.
  • log_level: Specifies the logging level (INFO or DEBUG).
  • kafka_mode: Enables (true) or disables (false) Kafka integration for centralized logging.
  • kafka_server_url: URL of the bootstrap Kafka server.
  • eti_mode: Enables (true) or disables (false) Eunomatix Threat Intel service.
  • cache_ttl: Amount of time for which a URL remains in the cache.
  • cache_max_size: Upper bound on the cache size; e.g. a value of 100 means at most 100 URLs are cached.
  • machine_label: The label sent as part of the payload to the Watchdog server (this can be set by the controller in the browsermon-local.conf and browsermon.conf files).

*All of these config variables can be changed in the browsermon-local.conf file, except watchdog_ip and watchdog_port.

Order of Precedence

BrowserMon 3.0 supports several configuration layers so that settings can be tailored to organizational needs (the browsermon-watchdog.conf and browsermon-local.conf files can be changed at run time and are refreshed every 30 minutes):

  1. Default Configuration (browsermon.conf): Provides baseline settings for all deployments.

  2. Central Watchdog Configuration (browsermon-watchdog.conf): Overrides the default configuration for centralized management; this configuration is received from the Watchdog server and written to the browsermon-watchdog.conf file in your installation directory.

  3. Local Configuration (browsermon-local.conf): Allows local administrators to customize settings for specific requirements, overriding both default and watchdog configurations.
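The three-layer precedence described above, as an added example (not the project's own merge code). It loads constructed excerpts of the three files, applies default < watchdog < local, records which layer supplied each effective value, and keeps watchdog_ip and watchdog_port at the default file's values even if browsermon-local.conf tries to set them. Assumptions: the department section pushed by Watchdog is applied over the [default] section, and a protected key in the local file is ignored rather than treated as an error.

```python
import configparser

# Constructed excerpts of the three files this page describes.
DEFAULT_CONF = """[server]
watchdog_ip=0.0.0.0
watchdog_port=5601
[default]
browser=firefox
logmode=csv
kafka_mode=true
cache_max_size=1000
"""
WATCHDOG_CONF = """[HR]
logmode=json
kafka_mode=false
"""
LOCAL_CONF = """[default]
browser=chrome
cache_max_size=500
[server]
watchdog_ip=10.9.9.9
"""
# Keys the page says cannot be changed from browsermon-local.conf.
PROTECTED = {"watchdog_ip", "watchdog_port"}

def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def effective_config(default_text, watchdog_text, local_text, department):
    """Return {key: (value, layer)} after applying default < watchdog < local.

    Assumption: the department section pushed by Watchdog overrides [default],
    and the local file overrides both except for PROTECTED keys.
    """
    base = _parse(default_text)
    merged = {}
    for section in ("server", "default"):
        merged.update({k: (v, "default") for k, v in base[section].items()})
    pushed = _parse(watchdog_text)
    if pushed.has_section(department):
        merged.update({k: (v, "watchdog") for k, v in pushed[department].items()})
    local = _parse(local_text)
    for section in local.sections():
        for key, value in local[section].items():
            if key in PROTECTED:
                continue  # kept at the default file's value, per this page
            merged[key] = (value, "local")
    return merged
```

Printing the layer beside each value is the quickest way to answer "why is this agent logging JSON?" when a department push and a local override disagree.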

Config Precedence