Skip to main content


Seer Box is composed of several components that adhere to the main principles of a microservice architecture. Each component is deployed and released in its own independent container.

Each service has unique functionality and specifications, and its necessity may vary depending on the deployment infrastructure. While some services are essential for the proper functioning of the system, others may be optional. The installation procedures described in the following sections take into account the components needed for the various environments.


Seer Box consists of two main services:

  • Seer Box Engine: it collects and analyzes traffic from various sources, gathers statistics, and provides an interface for external communication. In test environments that only require Seer Box Sentinel service, Seer Box Engine can be optional. It requires Seer Box Queue and Seer Box Storage.

  • Seer Box Sentinel: this component receives and analyzes traffic in a scalable and distributed manner, and then sends the data to Seer Box Engine. If not connected to the latter, such data will be logged locally. This service is optional in on-premise environments or environments that receive low amounts of traffic.

These are complemented by two additional services:

  • Seer Box Gui: the web interface that allows interaction with the system. This component is optional and requires Seer Box Engine service.

  • Seer Box Reporter: this component handles the automatic generation of reports. It is optional if report generation is not desired. It requires Seer Box Engine service.

Additionaly, the system requires a message broker (Seer Box Queue, based on RabbitMQ) and a relational database (Seer Box Storage, based on PostgreSQL) for proper functioning.


To Seer Box

Seer Box has multiple interfaces that allow communication with the outside world. Depending on the installation scenario, these interfaces may be exposed in various configurations.

Seer Box Engine

  • Ports 20050-20100/UDP-TCP: interfaces used for receiving traffic. Disabled by default, dynamic listening is enabled by configuring one or more traffic sources.

  • Port 4000/TCP: HTTP service for accessing the REST API. Warning: do not expose this port in case Seer Box Gui service is active.

Seer Box Gui

  • Port 53380/TCP: HTTP service for web console and REST API access.

Seer Box Sentinel

  • Port 2050-2100/UDP-TCP: interfaces used for receiving traffic.

From Seer Box

In order for Seer Box to work properly, it must have continuous access to the Internet throughout its operation. In particular, this is necessary to:

  • activate and validate the license
  • download and update groundtruth resources.

If it is not possible to access the network and validate the license for an extended period of time, the system will stop monitoring applications.