How does Teramind work?
Written by Arick Disilva
Updated over a week ago

Teramind Components

There are three primary components to the Teramind deployment.

Teramind Agent

Teramind deployments require the installation of Teramind’s revealed (visible) or hidden (silent) Agent. Teramind Agent is a standalone Windows and macOS app that captures user activities on the endpoint (computer) and sends the information to the Teramind Server. It also enforces policies and rules on the endpoint.

Teramind Server

Teramind Agent sends the information to the Teramind Server. The server processes the data, prepares analytics, and performs other system functions. It also hosts the Teramind Dashboard.

Teramind Dashboard

The web-based monitoring and management Dashboard provides an overview of what is happening in the organization. You can view monitoring reports, analyze productivity, set up users’ access, and build rules to automatically prevent security incidents, detect behavioral anomalies, and more. You can also configure all aspects of the Agent and the overall deployment from the Dashboard.

Teramind Data Flows

The following chart and table describe how data flows between the components.

1

Using the network filtering driver (proxy), Teramind Agent is able to analyze all network traffic on the machine. The Agent detects high-level events (emails sent, webpages visited, instant messages, etc.), fetches all meta-information from the underlying raw network traffic, and creates monitoring events.

2

Using the filesystem filter driver, Teramind Agent is able to oversee and analyze all file-level operations happening on the computer. The Agent detects high-level events (file created, copied, etc.), fetches all metadata, and creates monitoring events.

3

The Agent uses other OS APIs to oversee application behavior and user activities on the system and generate monitoring events.

4

When there is no direct connection to the server, the Agent stores generated monitoring events in an offline data store. Once the connection is re-established, the Agent reads the stored events and pushes them to the server.

5

The Agent streams generated events to the server.

Various protocols/ports are used:

  • Port 443 - HTTPS

  • Tenant-dependent port - TLS - proprietary protocol (port 10000 in on-premise deployments)

  • A dynamic range of UDP ports for audio transfer (optional)

The Agent also receives configurations, monitoring settings, and behavior policies & rules from the server and enforces them on the endpoint.

6

A web-based Dashboard allows admins and privileged users to configure the system and Agent settings, create behavior policies and rules, etc., and view reports.
