The Capture agent analyzes network traffic and captures statistics for analysis.
- It should be installed on a proxy or router that handles all internet traffic for your network.
- Statistics will be sent to the Analyzer using a network share or local folder on the same machine.
- It acts as a comprehensive TCP traffic monitor, capturing traffic data and sending it to a log file, which is then analyzed by the Analyzer component.
- Capture runs as a service and communicates directly with Analyzer.
- Capture runs on a Firewall/Proxy/Router and includes a DNS Capture counter that runs on your DNS Server.
- The connection between the cloud service and the Capture agent is authenticated and encrypted via SSL/TLS. The client and the host agree on the strongest cipher possible.
The Analyzer is the core engine of AppGuru Client, where all data is processed and SaaS events are generated. It answers these questions:
- What SaaS apps are being used in your network?
- Which devices are using these SaaS apps?
- Who is using the SaaS apps?
The Analyzer receives data from the Capture agent and processes it, storing any relevant SaaS activity in the database. It analyzes network traffic logs (Capture output) for SaaS-related traffic. SaaS traffic is then converted into a SaaS event, which is sent by the client. A SaaS event contains the SaaS app name, the amount of data uploaded or downloaded, the device ID, and the timestamp of the SaaS event. Network traffic logs never leave the network.
The Analyzer also has the capability to process WELF log files, without having to install the capture component.
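How a WELF record can be reduced to the SaaS event fields described above, as an added example that is not AppGuru's own code. The app catalog, the sample log lines, and the use of the source IP as the device ID are assumptions made for illustration.

```python
import shlex

# Hypothetical catalog mapping registered domains to SaaS app names (assumption).
SAAS_CATALOG = {"dropbox.com": "Dropbox", "salesforce.com": "Salesforce"}

# Constructed WELF sample lines, not real traffic.
SAMPLE_WELF = """\
id=firewall time="2024-03-01 09:15:02" fw=gw01 pri=6 proto=https src=10.0.0.21 dstname=www.dropbox.com sent=52100 rcvd=1830
id=firewall time="2024-03-01 09:15:40" fw=gw01 pri=6 proto=https src=10.0.0.21 dstname=intranet.example.local sent=900 rcvd=4100
id=firewall time="2024-03-01 09:16:11" fw=gw01 pri=6 proto=https src=10.0.0.34 dstname=na1.salesforce.com sent=2048 rcvd=90112
id=firewall time="2024-03-01 09:17:00" fw=gw01 pri=6 proto=https src=10.0.0.21 dstname=notdropbox.com sent=10 rcvd=10
this line is not WELF
"""

def parse_welf(line):
    """Split one WELF record into a dict of key=value fields ({} if malformed)."""
    try:
        tokens = shlex.split(line)  # keeps quoted values such as time="..." intact
    except ValueError:              # unbalanced quotes
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def match_app(hostname):
    """Match on whole DNS labels so notdropbox.com is not counted as dropbox.com."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        app = SAAS_CATALOG.get(".".join(labels[i:]))
        if app:
            return app
    return None

def to_saas_event(record):
    """Reduce a record to the SaaS event fields; None if it is not SaaS traffic."""
    app = match_app(record.get("dstname", ""))
    if app is None:
        return None
    try:
        sent, rcvd = int(record.get("sent", 0)), int(record.get("rcvd", 0))
    except ValueError:  # non-numeric byte counters: treat the record as unusable
        return None
    return {"app": app, "device_id": record.get("src", "unknown"),
            "uploaded_bytes": sent, "downloaded_bytes": rcvd,
            "timestamp": record.get("time", "")}

def analyze(log_text):
    """Return SaaS events only; the raw log lines themselves are never emitted."""
    events = (to_saas_event(parse_welf(line)) for line in log_text.splitlines())
    return [e for e in events if e is not None]

if __name__ == "__main__":
    for event in analyze(SAMPLE_WELF):
        print(event)
```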
The Active Directory component is used to collect AD information for use by AppGuru itself and other components in AppGuru Client. AD data is used to identify users of SaaS apps, determine the AD-connected devices those users are using to access SaaS apps, and provide detailed user information such as login/logout and device details.
The Active Directory component constantly monitors the Domain for AD changes. When changes are made to AD, those changes are synced with AppGuru once every 5 minutes.
The AD integration performs two main tasks:
- Reading user, group, and computer information from Active Directory via LDAP.
- Reading user logon/logoff events from the security event logs on the domain controllers.
AD properties that are synchronized: Name, EmailAddress, Status (enabled/disabled), userid, DisplayName, Title, Company, ThumbnailPhoto, DomainName (domainComponent), SAMAccountName, commonName, organizationalUnitName, organizationName, streetAddress, localityName, stateOrProvinceName, countryName, MemberOfDNs, WhenCreated, LastModified
Notes about AppGuru Client Security
Does any AppGuru Client component ever transfer personal identification data?
Does the AppGuru Client require a separate proxy server inline with network traffic?
No, the service listens to mirrored port traffic for specified events and does not need to inspect packets inline.