Skip to content

Introduction

Browsermon Introduction

Welcome to Browsermon, the revolutionary browser monitoring tool designed to provide unparalleled insights into browsing activities. With seamless compatibility with Google Chrome, Mozilla Firefox, and Microsoft Edge browsers, Browsermon stands as a unique solution in the realm of browser monitoring. Whether operating in real-time mode or scheduled mode, this tool meticulously records browsing histories, capturing a comprehensive range of 18 distinct parameters.

Features

  • Comprehensive Monitoring: BrowserMon captures a rich set of 18 browsing parameters, providing a comprehensive view of browsing activities. This depth of data enables accurate analysis and informed decision-making.

  • Data Privacy: BrowserMon focuses solely on browser history and does not infringe upon broader internet activity or compromise user privacy beyond the scope of browsing data.

  • Non-Intrusive Monitoring: One of the standout benefits of BrowserMon is its non-intrusive monitoring capability. Regardless of the operating system you’re using, BrowserMon operates seamlessly behind the scenes without causing disruptions or interfering with other data on your system.

  • Centralized management with Watchdog - Only for enterprise version: Browsermon enterprise is managed by Watchdog. Which serves as a centralized management and licensing server for Browsermon agents installed in the enterprise. Watchdog operates on a dedicated Linux server (or VM) and registers all enterprise Browsermon instances to perform health checking and validate licenses.

  • Incremental Reads: Browsermon reads the history in incremental mode. This means that the reader maintains a cache file named {reader}_cache, where a counter is stored for each profile indicating how many records have been read. On the next run, it reads only the records that come after the last read position. Browsermon also has an intelligent feature: if the user's history file has not been modified, it will not run the query. To maintain these incremental reads, you must preserve the cache file. Make sure that it is present; otherwise, duplicate records will be read each time.

  • EUNOMATIX Threat Intel (ETI) - Only for enterprise version: Browsermon enterprise provide advanced URL threat intel. Identifying potential security threats such as phishing and malware This ensures that enterprises can effectively safeguard their users from malicious websites by automatically classifying URLs based on a continuously updated threat intelligence database collected from OSINT like URLhause and Phishtank.

  • EUNOMATIX URL CLassification Service (UCS) - Only for enterprise version:The EUNOMATIX URL Classification Service (UCS) categorizes web traffic into 80 plus categories like Gambling, Social Media, News, Adult, etc. It provides deep insight into the nature of websites accessed within an organization. UCS helps detect unusual browsing patterns that may signal security risks. It supports security teams in threat detection and HR teams in monitoring productivity. By classifying visits, UCS enhances both organizational security and efficiency.

Browsermon application captures a rich set of 19 browsing parameters in CSV or JSON format.

Parameter Description
hostname The name of the host computer.
os Operating system used (e.g., Windows).
os_username Operating system username.
browser Web browser used (e.g., edge).
browser_version Version of the web browser.
browser_db Database type/version used by the browser.
profile_id Identifier for the browser profile (if applicable).
profile_title Title of the browser profile.
profile_username Username associated with the browser profile.
profile_path File path to the browser profile data.
username Username of the profile.
session_id Unique identifier for the session.
referrer Referrer URL (if any).
url URL of the webpage visited.
title Title of the webpage visited.
visit_time Time of the visit.
visit_count Number of times the URL was visited.
threat_classification Threat classification by ETI service
url_classification URL classification by UCS service

Watchdog Introduction

Watchdog acts as a licensing server designed to enhance the license verification process for BrowserMon. Built with precision, it is essential for managing and ensuring the integrity and security of licenses. Watchdog is more than just a licensing tool; it is crucial for the reliability and security of BrowserMon's operational infrastructure.

Features

  • License Verification: Watchdog includes an API that validates the authenticity of licenses. This provides a secure and authenticated gateway for accessing essential services.

  • Active Controllers Retrieval: The server not only verifies licenses but also retrieves information on active controllers. This feature offers valuable insights into the current list of registered controllers, aiding in effective monitoring and management.

  • Mapping and Sending Configuration to Controller: The server reads configuration and mapping files, then uses details from the controller (such as label, IP address, hostname, MAC address, and operating system) to determine the best matching department. Based on that match, Watchdog applies the relevant settings from the browsermon-watchdog.conf file. These settings, along with a valid license message, are then sent back to the controller.

  • Key Expiry: The Watchdog license is valid for a specific period (typically one year). Once it expires, the user must renew the license via [email protected].

  • BrowsermonInspect (Optional) provides a layer of accountability for your BrowserMon history logs. If you are not using an automated SIEM solution (e.g., Splunk), you can leverage the built-in Grafana dashboard for central logging of controllers.

    • MongoDB Database When deployed alongside MongoDB, BrowsermonInspect maintains a database of historical logs from all the controllers, which can be queried or integrated into external tools.

    • Grafana Dashboard BrowsermonInspect offers a Grafana dashboard to view real-time logs from all the controllers. This centralized view makes it easy to search, monitor, and analyze logs across your environment.

  • EUNOMATIX Threat Intel (Optional) : ETI is an optional component that can integrate with Watchdog and BrowserMon to enable Threat classification on BrowserMon reader endpoints. When enabled:

    • Threat Intelligence & Classification
      ETI can store and index various threat intelligence data. BrowserMon readers can then query ETI to classify URLs in real time, helping to detect and block malicious links or suspicious sites.

    • Internet Connectivity
      To keep its threat data current, Elasticsearch-based classification requires access to external sources such as PhishTank and URLHaus.

    • Configuration
      You can enable or disable ETI features within browsermon-watchdog.conf (eti_mode). Additional parameters, such as cache_ttl and cache_max_size, let you control how URLs are temporarily stored and reused.

  • EUNOMATIX URL Classification Service (Optional) : UCS is an optional component that can integrate with Watchdog and BrowserMon to enable URL classification on BrowserMon reader endpoints. When enabled:

    • Advanced Content Analysis with LLMs
      UCS uses an LLM pipeline to accurately classify web pages by understanding their content and context, not just patterns or blacklists.

    • Behavioral and Productivity Insights
      UCS categorizes website visits into groups like Gambling, Social Media, News, and Adult to highlight risky or distracting activity. This helps security teams detect threats and HR monitor employee productivity more effectively.

    • Configuration
      You can enable or disable UCS features within browsermon-watchdog.conf (ucs_mode). Additional parameters, such as cache_ttl and cache_max_size, let you control how URLs are temporarily stored and reused.

    • UCS API: UCS includes a built-in, secure API that allows Watchdog clients to pull the latest domain classification updates on a daily basis. Each pull request is incremental, meaning clients only receive new or modified domain classifications since their last sync, reducing bandwidth usage and ensuring efficient updates. To get UCS daily updates, following cloud URL https://ucs.eunomatix.com:8000 should be a accessible to the centralized watchdog instance.

    • Air-Gapped Networks: UCS supports offline and air-gapped environments by packaging the latest classification dataset with each BrowserMon release. This Index snapshot is automatically restored on installation when ucs_updates are turned off without external connections, ensuring continued functionality. This makes UCS a flexible solution for both connected and isolated, high-security environments.

License

Browsermon Comm is available under MIT License

MIT License

Copyright (c) 2025 Eunomatix

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.