BrowserMon User Guide

  • Introduction

    In today's digital landscape, effective monitoring of web activities is crucial to safeguarding enterprise security. BrowserMon 3.0, developed by EUNOMATIX, is a cutting-edge solution designed to provide detailed insights and control over browsing activities within organizations. This guide will walk you through the key features and setup of BrowserMon 3.0, helping you understand how to utilize it effectively.

  • Key Features Explained

    • Centralized Logging with Watchdog

      BrowserMon 3.0 collects browsing history data from various devices and sends it to a central server in real time. This feature enables comprehensive security analysis and facilitates easy searchability without relying on external tools like Splunk or eti. It also helps meet data retention and regulatory compliance requirements.

    • Kafka Integration for Central History Database

      BrowserMon 3.0 integrates with Apache Kafka and MongoDB to store browser history data in a central database. This setup provides scalable data management and real-time data streaming through Kafka, ensuring up-to-date and consistent logging and analytics. This feature is optional and can be disabled if other solutions like Splunk or eti are preferred.

    • Health Checker Implementation

      BrowserMon 3.0 includes a Health Checker that verifies the licensing status by sending periodic requests to the Watchdog server. It attempts multiple retries until confirmation is received, ensuring that controllers and the BrowserMon service remain operational.

    • Enhanced Dashboards with Grafana

      BrowserMon 3.0 includes Grafana-based dashboards that offer clear visibility into:

      • Controller counts
      • Operational issues

      These dashboards help administrators quickly derive actionable insights from browsing data.

      • Accessing the Grafana Dashboard

        Users can view the Grafana dashboard by navigating to http://localhost:1514 in their web browser. This dashboard presents the history and analytics data collected by the watchdog server in an intuitive and visual format.

    • EUNOMATIX Threat Intel (ETI)

      To identify malicious URLs in real time, the BrowserMon controller queries the ETI service and uses its intelligence for threat assessment. BrowserMon also maintains a local URL cache to minimize redundant ETI queries, which improves performance and reduces unnecessary requests. The cache has a configurable time-to-live (TTL) with a default of 30 days; the TTL can be specified in minutes, hours, or days. The cache is also capped at a configurable maximum size, with a default of 1000 URLs, so that memory usage stays controlled and the cache cannot grow beyond the specified limit.

      For endpoints to use the EUNOMATIX ETI service, the username, password, host, and port must be written in the browsermon.conf file under the elastic section.

      Example:

      [elastic]
      host=localhost
      port=9200
      username=Browsermon
      password=BrowsermonElasticUser
      eti_index=threat_index
      ucs_index=eunomatix_ucs
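
      A sketch of the cache behaviour described above, as an added example that is not BrowserMon's own code. The class and function names are hypothetical, the "30d"/"12h"/"45m" value format is taken from the cache_ttl setting in the guide's example file, and evicting the oldest entry when the cache is full is an assumption (the guide does not state the eviction policy).

```python
import re
import time
from collections import OrderedDict

_UNITS = {"m": 60, "h": 3600, "d": 86400}  # minutes, hours, days in seconds


def parse_ttl(text):
    """Convert a cache_ttl value such as '30d', '12h' or '45m' to seconds."""
    match = re.fullmatch(r"(\d+)([mhd])", text.strip().lower())
    if not match or int(match.group(1)) == 0:
        raise ValueError(f"invalid cache_ttl: {text!r}")
    return int(match.group(1)) * _UNITS[match.group(2)]


class UrlVerdictCache:
    """Bounded URL -> verdict cache (hypothetical model, not vendor code)."""

    def __init__(self, cache_ttl="30d", cache_max_size=1000, clock=time.time):
        self.ttl = parse_ttl(cache_ttl)
        self.max_size = int(cache_max_size)
        if self.max_size < 1:
            raise ValueError("cache_max_size must be at least 1")
        self.clock = clock  # injectable so expiry can be tested offline
        self._entries = OrderedDict()  # url -> (verdict, stored_at)

    def get(self, url):
        """Return the cached verdict, or None if absent or expired."""
        entry = self._entries.get(url)
        if entry is None:
            return None
        verdict, stored_at = entry
        if self.clock() - stored_at >= self.ttl:
            del self._entries[url]  # expired: the caller must query ETI again
            return None
        return verdict

    def put(self, url, verdict):
        """Store a verdict, evicting the oldest entries once the cap is hit."""
        self._entries.pop(url, None)
        while len(self._entries) >= self.max_size:
            self._entries.popitem(last=False)  # assumed policy: oldest first
        self._entries[url] = (verdict, self.clock())

    def __len__(self):
        return len(self._entries)
```

      Under this model a cached verdict is reused until its TTL expires, so with the default of 30d a URL is not re-checked against ETI for up to 30 days after it was first seen.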
      
    • EUNOMATIX URL Classification Service (UCS)

      The EUNOMATIX URL Classification Service (UCS) is a free cloud-based service that can be used by all Watchdog servers to provide deep insight into web traffic by categorizing the websites accessed within an organization. It is an optional service, and customers can selectively enable it. The EUNOMATIX UCS service classifies URLs into 80 plus diverse categories.

      For endpoints to use the EUNOMATIX UCS service, the username, password, host, and port must be written in the browsermon.conf file under the elastic section.

      Example:

      [elastic]
      host=localhost
      port=9200
      username=Browsermon
      password=BrowsermonElasticUser
      eti_index=threat_index
      ucs_index=eunomatix_ucs
      
  • Types of Configurations

    BrowserMon 3.0 supports different types of configurations to tailor settings based on organizational needs:

    1. Default Configuration (browsermon.conf): Provides baseline settings for all deployments.

    2. Central Watchdog Configuration (browsermon-watchdog.conf): Overrides default configurations for centralized management. This configuration is received from the Watchdog server and written to the browsermon-watchdog.conf file in your installation directory.

    3. Local Configuration (browsermon-local.conf): Allows local administrators to customize settings for specific requirements, overriding both default and watchdog configurations.

  • Example Configuration File (browsermon.conf)

    [server]
    watchdog_ip=0.0.0.0
    watchdog_port=8900
    [installation]
    install_dir=C:\\browsermon
    [elastic]
    host=localhost
    port=9200
    username=Browsermon
    password=BrowsermonElasticUser
    eti_index=threat_index
    ucs_index=eunomatix_ucs
    [default]
    browser=firefox
    mode=scheduled
    schedule_window=1m
    logdir=C:\\browsermon\\history
    logmode=csv
    rotation=1h
    backup_count=0
    log_level=DEBUG
    kafka_mode=true
    kafka_server_url=localhost:9092
    eti_mode=false
    ucs_mode=false
    cache_ttl=30d
    cache_max_size=1000
    machine_label=DefaultLabel

  • Configuration Explanation

    • watchdog_ip: IP address of the Watchdog server.
    • watchdog_port: Port number where Watchdog service listens for connections.
    • install_dir: Directory into which BrowserMon is installed.
    • host: ETI/UCS server hostname or IP address.
    • port: Port number on which ETI/UCS is listening.
    • username: Username for ETI/UCS authentication.
    • password: Password for ETI/UCS authentication.
    • eti_index: Name of the ETI index from which threat intel data is fetched.
    • ucs_index: Name of the UCS index from which classification data is fetched.
    • browser: Specifies the browser(s) to monitor, such as Firefox, Chrome, or Edge.
    • mode: Determines whether BrowserMon operates in scheduled mode (default) or real-time mode.
    • schedule_window: Sets the interval between each browser data collection iteration.
    • logdir: Defines the directory where browser history log files are stored.
    • logmode: Specifies the format of the history log files (CSV or JSON).
    • rotation: Sets the interval for rotating history log files.
    • backup_count: Defines the number of backup copies of history log files to retain.
    • log_level: Specifies the logging level (INFO or DEBUG).
    • kafka_mode: Enables (true) or disables (false) Kafka integration for centralized logging.
    • kafka_server_url: URL of the bootstrap Kafka server.
    • eti_mode: Enables (true) or disables (false) EUNOMATIX Threat Intel service.
    • ucs_mode: Enables (true) or disables (false) EUNOMATIX URL Classification Service.
    • cache_ttl: Amount of time a URL remains in the cache.
    • cache_max_size: Upper bound on the number of cached URLs; for example, if set to 100, at most 100 URLs are cached.
    • machine_label: The label sent as a payload to the Watchdog server (this can be set by the controller in the browsermon-local.conf and browsermon.conf files).

    *All of these config variables can be changed in the browsermon-local.conf file except watchdog_ip and watchdog_port.
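
    The precedence described under "Types of Configurations" and the watchdog_ip/watchdog_port restriction above can be checked offline with a short script. This is an added example, not BrowserMon's own code: the function names are hypothetical, and per-key merging and the section names used in the watchdog and local sample files are assumptions. It reports which file each effective setting came from, lists locked keys that a local file tried to change, and flags settings left at the values printed in this guide's example file.

```python
import configparser

# Precedence from the guide: default < central watchdog < local.
LAYERS = ("browsermon.conf", "browsermon-watchdog.conf", "browsermon-local.conf")
# Per the guide, these cannot be changed from browsermon-local.conf.
LOCAL_LOCKED = {("server", "watchdog_ip"), ("server", "watchdog_port")}
# Example password printed in the guide's sample browsermon.conf.
GUIDE_SAMPLE_PASSWORD = "BrowsermonElasticUser"


def effective_config(texts):
    """Merge INI texts {file name: content}; return (merged, ignored).

    merged maps (section, key) -> (value, winning file);
    ignored lists locked keys that the local file tried to override.
    """
    merged, ignored = {}, []
    for name in LAYERS:
        if name not in texts:
            continue
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(texts[name], source=name)
        for section in parser.sections():
            for key, value in parser.items(section):
                if name == LAYERS[2] and (section, key) in LOCAL_LOCKED:
                    ignored.append((section, key, value))
                else:
                    merged[(section, key)] = (value, name)
    return merged, ignored


def review(merged):
    """Return hygiene findings for the effective settings."""
    findings = []
    if merged.get(("elastic", "password"), ("",))[0] == GUIDE_SAMPLE_PASSWORD:
        findings.append("elastic.password is still the guide's example value")
    if merged.get(("default", "log_level"), ("",))[0].upper() == "DEBUG":
        findings.append("default.log_level is DEBUG")
    return findings


# Constructed sample files (not taken from a real deployment).
SAMPLE = {
    "browsermon.conf": "[server]\nwatchdog_ip=10.0.0.5\nwatchdog_port=8900\n"
                       "[elastic]\npassword=BrowsermonElasticUser\n"
                       "[default]\nbrowser=firefox\nlog_level=DEBUG\neti_mode=false\n",
    "browsermon-watchdog.conf": "[default]\nbrowser=chrome\neti_mode=true\n",
    "browsermon-local.conf": "[server]\nwatchdog_ip=192.0.2.77\n"
                             "[default]\nbrowser=edge\nlog_level=INFO\n",
}
```

    configparser rejects a file that repeats a key within one section, so a duplicated line in any of the three files surfaces as a parse error rather than a silent override.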

  • Getting Started

    1. Install BrowserMon: Deploy the lightweight agent on devices running Linux, Mac, or Windows.

    2. Configure Watchdog: Set up the Watchdog server to centrally manage and monitor all BrowserMon controllers.

    3. Define Configurations: Use mapping.conf and browsermon-watchdog.conf to customize configurations based on organizational requirements. This is done in the Watchdog server program.

    4. Enable Central Logging: Optionally, configure a central history database for real-time logging and analytics.

    By following this guide, you'll be equipped to effectively deploy and utilize BrowserMon 3.0 to enhance your organization's web monitoring and security capabilities.