Skip to content

Introduction

Watchdog Introduction

Watchdog acts as a licensing server designed to enhance the license verification process for BrowserMon. Built with precision, it is essential for managing and ensuring the integrity and security of licenses. Watchdog is more than just a licensing tool; it is crucial for the reliability and security of BrowserMon's operational infrastructure.

Features

  • License Verification: Watchdog includes an API that validates the authenticity of licenses. This provides a secure and authenticated gateway for accessing essential services.

  • Active Controllers Retrieval: The server not only verifies licenses but also retrieves information on active controllers. This feature offers valuable insights into the current list of registered controllers, aiding in effective monitoring and management.

  • Mapping and Sending Configuration to Controller: The server reads configuration and mapping files, then uses details from the controller (such as label, IP address, hostname, MAC address, and operating system) to determine the best matching department. Based on that match, Watchdog applies the relevant settings from the browsermon-watchdog.conf file. These settings, along with a valid license message, are then sent back to the controller.

  • Key Expiry: The Watchdog license is valid for a specific period (typically one year). Once it expires, the user must renew the license via [email protected].

  • BrowsermonInspect (Optional) provides a layer of accountability for your BrowserMon history logs. If you are not using an automated SIEM solution (e.g., Splunk), you can leverage the built-in Grafana dashboard for central logging of controllers.

    • MongoDB Database When deployed alongside MongoDB, BrowsermonInspect maintains a database of historical logs from all the controllers, which can be queried or integrated into external tools.

    • Grafana Dashboard BrowsermonInspect offers a Grafana dashboard to view real-time logs from all the controllers. This centralized view makes it easy to search, monitor, and analyze logs across your environment.

  • EUNOMATIX Threat Intel (Optional) : ETI is an optional component that can integrate with Watchdog and BrowserMon to enable Threat classification on BrowserMon reader endpoints. When enabled:

    • Threat Intelligence & Classification
      ETI can store and index various threat intelligence data. BrowserMon readers can then query ETI to classify URLs in real time, helping to detect and block malicious links or suspicious sites.

    • Internet Connectivity
      To keep its threat data current, Elasticsearch-based classification requires access to external sources such as PhishTank and URLHaus.

    • Configuration
      You can enable or disable ETI features within browsermon-watchdog.conf (eti_mode). Additional parameters, such as cache_ttl and cache_max_size, let you control how URLs are temporarily stored and reused.

  • EUNOMATIX URL Classification Service (Optional) : UCS is an optional component that can integrate with Watchdog and BrowserMon to enable URL classification on BrowserMon reader endpoints. When enabled:

    • Advanced Content Analysis with LLMs
      UCS uses an LLM pipeline to accurately classify web pages by understanding their content and context, not just patterns or blacklists.

    • Behavioral and Productivity Insights
      UCS categorizes website visits into groups like Gambling, Social Media, News, and Adult to highlight risky or distracting activity. This helps security teams detect threats and HR monitor employee productivity more effectively.

    • Configuration
      You can enable or disable UCS features within browsermon-watchdog.conf (ucs_mode). Additional parameters, such as cache_ttl and cache_max_size, let you control how URLs are temporarily stored and reused.

    • UCS API: UCS includes a built-in, secure API that allows Watchdog clients to pull the latest domain classification updates on a daily basis. Each pull request is incremental, meaning clients only receive new or modified domain classifications since their last sync, reducing bandwidth usage and ensuring efficient updates. To get UCS daily updates, following cloud URL https://ucs.eunomatix.com:8000 should be a accessible to the centralized watchdog instance.

    • Air-Gapped Networks: UCS supports offline and air-gapped environments by packaging the latest classification dataset with each BrowserMon release. This Index snapshot is automatically restored on installation when ucs_updates are turned off without external connections, ensuring continued functionality. This makes UCS a flexible solution for both connected and isolated, high-security environments.