Overview

The Seer Box Sentinel component can be deployed as a traffic sensor in any environment where a distributed architecture is preferred, such as Kubernetes clusters or a set of on-premises virtual machines within a private network. Once configured, the component will:

  • Parse incoming traffic according to the configured input format;
  • Analyze all HTTP transactions to detect possible malicious activities;
  • Log analysis results locally and communicate with the Seer Box Engine component to signal detected alerts and record HTTP traffic data.

For a fully integrated deployment, the component needs to interact with the APIs exposed by Seer Box Engine and with the RabbitMQ message broker.