Features
Browsermon
- Comprehensive Monitoring: BrowserMon captures a rich set of 19 browsing parameters, providing a comprehensive view of browsing activities. This depth of data enables accurate analysis and informed decision-making.
- Data Privacy: BrowserMon focuses solely on browser history and does not infringe upon broader internet activity or compromise user privacy beyond the scope of browsing data.
- Non-Intrusive Monitoring: One of the standout benefits of BrowserMon is its non-intrusive monitoring capability. Regardless of the operating system you're using, BrowserMon operates behind the scenes without causing disruptions or interfering with other data on your system.
- Centralized Management with Watchdog: Browsermon Enterprise is managed by Watchdog, which serves as a centralized management and licensing server for the Browsermon agents installed in the enterprise. Watchdog operates on a dedicated Linux server (or VM) and registers all enterprise Browsermon instances to perform health checking and validate licenses.
- Browsermon Config Push Protocol: You can now override the default Browsermon configuration, browsermon.conf, by pushing a config file, browsermon-watchdog.conf, via the Watchdog server to complete deployment. A local sysadmin, however, can override the Watchdog-pushed configuration by writing a local file, browsermon-local.conf.
- Kafka Integration for Central History Database: BrowserMon 3.0 integrates with Apache Kafka and MongoDB to store browser history data in a central database. This setup provides scalable data management and real-time data streaming through Kafka, ensuring up-to-date and consistent logging and analytics. This feature is optional and can be disabled if other solutions like Splunk or ETI are preferred.
- Health Checker Implementation: BrowserMon 3.0 includes a Health Checker that verifies the licensing status by sending periodic requests to the Watchdog server. It attempts multiple retries until confirmation is received, ensuring that controllers and the BrowserMon service remain operational.
- Enhanced Dashboards with Grafana: Grafana-based dashboards provide visibility into license utilization, controller count and any operational issues. You can also use this Grafana interface to search history logs. Users can view the dashboard at https://localhost:1514.
- EUNOMATIX Threat Intel (ETI): The EUNOMATIX Threat Intelligence (ETI) Service is a free offering for customers, designed to enhance cybersecurity by collecting threat intelligence feeds from open-source channels such as URLhaus and PhishTank. These feeds are synchronized every 24 hours through an automated scheduler, ensuring up-to-date threat detection. The collected URL feeds are stored in an ETI database running on port 9200, allowing efficient querying and retrieval. To identify malicious URLs in real time, the Browsermon controller interacts with the ETI service, leveraging its intelligence for threat assessment. Additionally, Browsermon maintains a local URL cache to minimize redundant ETI queries, optimizing performance and reducing unnecessary requests. The cache has a configurable time-to-live (TTL) with a default of 30 days, allowing customization in minutes, hours, or days as needed. Furthermore, the cache is capped at a customizable maximum size with a default of 1000 URLs, ensuring controlled memory usage and preventing growth beyond the specified limit.
- EUNOMATIX URL Classification Service (UCS): The EUNOMATIX URL Classification Service (UCS) is a free cloud-based service that can be used by all Watchdog servers to provide deep insights into web traffic by categorizing the websites accessed within an organization. It is an optional service, and customers can selectively enable it.
  UCS uses a Large Language Model (LLM) driven approach to analyze webpage content, offering more accurate classifications than traditional tools. By categorizing websites, UCS helps detect unusual browsing behaviors, monitor employee productivity, and spot potential security threats. If this feature is enabled, enterprise Watchdog servers receive incremental domain classification updates to reduce bandwidth usage. UCS is also supported in air-gapped networks, by packaging an offline UCS database in each Watchdog release.
  The EUNOMATIX UCS service classifies URLs into 80 plus diverse categories.

| Category ID | Category | Description |
|---|---|---|
| 1 | Abortion | Websites discussing abortion or related medical procedures |
| 2 | Abused Drugs | Content promoting or related to illegal drug use |
| 3 | Adult | Explicit adult content, including pornography |
| 4 | Alcohol and Tobacco | Sites promoting or selling alcohol or tobacco |
| 5 | AI Code Assistant | Tools using AI to assist in code generation |
| 6 | AI Conversational Assistant | Chatbots and virtual assistants powered by AI |
| 7 | AI Data and Workflow Optimizer | AI services that manage data and optimize workflows |
| 8 | AI Media Service | AI platforms for media generation or editing |
| 9 | AI Meeting Assistant | AI tools that assist with meeting scheduling or summaries |
| 10 | AI Platform Service | General-purpose AI platforms offering various services |
| 11 | AI Writing Assistant | AI tools for content writing and grammar correction |
| 12 | AI Website Generator | AI-based tools to generate websites automatically |
| 13 | Artificial Intelligence | General AI-related content or technologies |
| 14 | Auctions | Online auction platforms and bidding services |
| 15 | Command and Control | Known command and control infrastructure used by malware |
| 16 | Compromised Website | Sites known to be compromised or infected with malicious code |
| 17 | Computer and Internet Info | General tech, computer, and internet-related content |
| 18 | Content Delivery Networks | Infrastructure for delivering web content at scale |
| 19 | Copyright Infringement | Sites that host or link to pirated or unauthorized content |
| 20 | Dating | Platforms for dating and relationships |
| 21 | Dynamic DNS | Services offering dynamic DNS configurations |
| 22 | Encrypted DNS | DNS services that use encryption for privacy |
| 23 | Energy | Energy companies, technologies, and related news |
| 24 | Entertainment and Arts | Sites related to movies, music, literature, and art |
| 25 | Extremism | Content promoting hate, violence, or radical ideologies |
| 26 | Financial Services | Banking, investments, and online financial tools |
| 27 | Food and Drinks | Recipes, restaurant guides, or food delivery services |
| 28 | Gambling | Online gambling and betting platforms |
| 29 | Games | Online and downloadable games and gaming forums |
| 30 | Government | Official government portals and services |
| 31 | Grayware | Potentially unwanted applications or borderline-malicious tools |
| 32 | Hacking | Sites promoting or discussing hacking tools or techniques |
| 33 | Health and Medicine | Health advice, medical news, and wellness information |
| 34 | Home and Garden | Gardening, home improvement, and decoration |
| 35 | Hunting and Fishing | Content about hunting, fishing, and related gear |
| 36 | Insufficient Content | Pages with minimal or no valuable content |
| 37 | Internet Communications and Telephony | Messaging, VoIP, and internet communication tools |
| 38 | Internet Portals | General internet entry points and start pages |
| 39 | Job Search | Employment portals and career advice websites |
| 40 | Legal | Legal services, resources, or law-related content |
| 41 | Malware | Sites known to distribute malicious software |
| 42 | Marijuana | Content promoting or selling cannabis and related products |
| 43 | Military | Military agencies and defense-related content |
| 44 | Motor Vehicles | Automobiles, motorcycles, and vehicle sales |
| 45 | Music | Music streaming, downloads, and artist websites |
| 46 | Newly Registered Domains | Recently registered, unclassified web domains |
| 47 | News | News media and journalism outlets |
| 48 | Not-Resolved | Domains that could not be resolved at classification time |
| 49 | Nudity | Non-explicit nudity or artistic nude content |
| 50 | Online Storage and Backup | Cloud storage and online backup services |
| 51 | Parked | Domains that are reserved but not in use |
| 52 | Peer-to-peer | P2P file-sharing technologies and platforms |
| 53 | Personal Sites and Blogs | Individual-run blogs and personal websites |
| 54 | Philosophy and Political Advocacy | Political movements and ideologies, opinion platforms |
| 55 | Phishing | Sites known to mimic others to steal credentials |
| 56 | Private IP Addresses | Entries containing non-routable (private) IP addresses |
| 57 | Proxy Avoidance and Anonymizers | Services designed to bypass network restrictions |
| 58 | Questionable | Potentially unsafe or untrustworthy websites |
| 59 | Ransomware | Sites known to be linked with ransomware activities |
| 60 | Real Estate | Property listings and real estate agents |
| 61 | Recreation and Hobbies | Leisure activities, crafts, and hobbyist sites |
| 62 | Reference and Research | Encyclopedias, academic journals, and research tools |
| 63 | Religion | Religious organizations, texts, and discussions |
| 64 | Remote Access | Remote desktop and control software |
| 65 | Search Engines | Web search portals and meta-search tools |
| 66 | Sex Education | Informative content related to human sexuality and education |
| 67 | Shareware and Freeware | Sites offering free or trial software downloads |
| 68 | Shopping | E-commerce platforms and online retailers |
| 69 | Social Networking | Social media platforms and online communities |
| 70 | Society | Content on social structures, issues, and communities |
| 71 | Sports | Sporting events, news, and fan sites |
| 72 | Stock Advice and Tools | Financial markets, trading tools, and investment advice |
| 73 | Streaming Media | Video/audio streaming services and platforms |
| 74 | Swimsuits and Intimate Apparel | Sites selling or featuring lingerie and swimwear |
| 75 | Training and Tools | Educational resources and skill development tools |
| 76 | Translation | Language translation tools and services |
| 77 | Travel | Travel booking, guides, and destination content |
| 78 | unknown | Domains that are not yet classified by EUNOMATIX UCS |
| 79 | Weapons | Firearms, explosives, or weapon-related products |
| 80 | Web Advertisements | Platforms serving or displaying ads |
| 81 | Web Hosting | Companies providing website hosting services |
| 82 | Web-based Email | Email services accessible via web interface |
| 83 | Weather | Weather forecasts and meteorological data |
| 84 | Fraud | Websites showing content related to fraud |

Watchdog
- License Verification: Watchdog includes an API that validates the authenticity of licenses. This provides a secure and authenticated gateway for accessing essential services.
- Active Controllers Retrieval: The server not only verifies licenses but also retrieves information on active controllers. This feature offers valuable insights into the current list of registered controllers, aiding in effective monitoring and management.
- Mapping and Sending Configuration to Controller: The server reads configuration and mapping files, then uses details from the controller (such as label, IP address, hostname, MAC address, and operating system) to determine the best matching department. Based on that match, Watchdog applies the relevant settings from the browsermon-watchdog.conf file. These settings, along with a valid license message, are then sent back to the controller.
- Key Expiry: The Watchdog license is valid for a specific period (typically one year). Once it expires, the user must renew the license via [email protected].
- BrowsermonInspect (Optional): Provides a layer of accountability for your BrowserMon history logs. If you are not using an automated SIEM solution (e.g., Splunk), you can leverage the built-in Grafana dashboard for central logging of controllers.
  - MongoDB Database: When deployed alongside MongoDB, BrowsermonInspect maintains a database of historical logs from all the controllers, which can be queried or integrated into external tools.
  - Grafana Dashboard: BrowsermonInspect offers a Grafana dashboard to view real-time logs from all the controllers. This centralized view makes it easy to search, monitor, and analyze logs across your environment.
- EUNOMATIX Threat Intel (Optional): ETI is an optional component that can integrate with Watchdog and BrowserMon to enable threat classification on BrowserMon reader endpoints. When enabled:
  - Threat Intelligence & Classification: ETI can store and index various threat intelligence data. BrowserMon readers can then query ETI to classify URLs in real time, helping to detect and block malicious links or suspicious sites.
  - Internet Connectivity: To keep its threat data current, Elasticsearch-based classification requires access to external sources such as PhishTank and URLhaus.
  - Configuration: You can enable or disable ETI features within browsermon-watchdog.conf (eti_mode). Additional parameters, such as cache_ttl and cache_max_size, let you control how URLs are temporarily stored and reused.
- EUNOMATIX URL Classification Service (Optional): UCS is an optional component that can integrate with Watchdog and BrowserMon to enable URL classification on BrowserMon reader endpoints. When enabled:
  - Advanced Content Analysis with LLMs: UCS uses an LLM pipeline to accurately classify web pages by understanding their content and context, not just patterns or blacklists.
  - Behavioral and Productivity Insights: UCS categorizes website visits into groups like Gambling, Social Media, News, and Adult to highlight risky or distracting activity. This helps security teams detect threats and HR monitor employee productivity more effectively.
  - Configuration: You can enable or disable UCS features within browsermon-watchdog.conf (ucs_mode). Additional parameters, such as cache_ttl and cache_max_size, let you control how URLs are temporarily stored and reused.
  - UCS API: UCS includes a built-in, secure API that allows Watchdog clients to pull the latest domain classification updates on a daily basis. Each pull request is incremental, meaning clients only receive new or modified domain classifications since their last sync, reducing bandwidth usage and ensuring efficient updates. To get daily UCS updates, the cloud URL https://ucs.eunomatix.com:8000 should be accessible to the centralized Watchdog instance.
  - Air-Gapped Networks: UCS supports offline and air-gapped environments by packaging the latest classification dataset with each BrowserMon release. When ucs_updates is turned off, this index snapshot is automatically restored on installation without any external connection, ensuring continued functionality. This makes UCS a flexible solution for both connected and isolated, high-security environments.
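
The local URL cache described for ETI and UCS (cache_ttl, cache_max_size) can be pictured with the following added example, which is not Browsermon's own code: a verdict cache bounded by a 30-day TTL and an entry cap, showing that a cached verdict is reused until its TTL expires. The class and function names, the least-recently-used eviction policy, the lookup callable and the sample URLs are assumptions; the page does not say how Browsermon evicts entries.

```python
import time
from collections import OrderedDict
from datetime import timedelta


class VerdictCache:
    """URL-verdict cache bounded by a TTL (cache_ttl) and an entry cap (cache_max_size)."""

    def __init__(self, lookup, cache_ttl=timedelta(days=30), cache_max_size=1000,
                 clock=time.monotonic):
        self._lookup = lookup              # hypothetical callable: url -> verdict
        self._ttl = cache_ttl.total_seconds()
        self._max_size = cache_max_size
        self._clock = clock                # injectable so expiry can be tested
        self._entries = OrderedDict()      # url -> (verdict, stored_at)
        self.backend_queries = 0           # lookups that reached the backend

    def classify(self, url):
        now = self._clock()
        hit = self._entries.get(url)
        if hit is not None and now - hit[1] < self._ttl:
            self._entries.move_to_end(url)     # fresh hit: mark as recently used
            return hit[0]
        self.backend_queries += 1              # miss or expired: ask the backend
        verdict = self._lookup(url)
        self._entries[url] = (verdict, now)
        self._entries.move_to_end(url)
        while len(self._entries) > self._max_size:
            self._entries.popitem(last=False)  # assumed policy: evict least recently used
        return verdict

    def __len__(self):
        return len(self._entries)


def demo():
    feed = {"http://bad.example/login"}        # constructed threat feed
    now = [0.0]
    day = timedelta(days=1).total_seconds()
    cache = VerdictCache(lambda u: "malicious" if u in feed else "clean",
                         cache_max_size=3, clock=lambda: now[0])
    url = "http://new.example/"                # constructed URL
    first = cache.classify(url)                # not in feed yet -> "clean"
    feed.add(url)                              # feed lists the URL after it was cached
    now[0] = 29 * day
    cached = cache.classify(url)               # served from cache -> still "clean"
    now[0] = 31 * day
    refreshed = cache.classify(url)            # TTL passed -> re-queried
    for i in range(5):                         # exceed cache_max_size
        cache.classify(f"http://site{i}.example/")
    return first, cached, refreshed, cache.backend_queries, len(cache)
```

In this sketch a shorter cache_ttl narrows the window in which an outdated verdict is served, at the cost of more backend queries.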