General Architecture
Description of Kabeen platform components and their interactions
Architecture
Kabeen is a SaaS platform that analyzes enterprise information system data through two agents:
- A user terminal agent in the form of a browser extension compatible with Chrome, Edge, and Firefox standard (MANIFESTv3)
- A server agent
These two agents communicate with the Kabeen platform by establishing an HTTPS connection (on port 443) with two distinct APIs:
- A REST API (HTTPS) accessible from the FQDN: api.kabeen.io
- A GRPC API (HTTPS) accessible from the FQDN: intake.kabeen.io
Flows are therefore encrypted by the TLS protocol in version 1.3 minimum (policy defined on our CDN).
Data is then processed by application services hosted on the Google Cloud platform in the europe-west9 region (Paris).
Technologies
User Agent
The user agent consists of a native agent (compatible with Windows or MacOS) running in each user's session, complemented by a browser extension to be deployed in each browser present in the session.
- The native agent is developed in Rust to optimize resource consumption and maintain a high level of security. Some visual elements (such as agent menus) rely on the Tauri framework.
- The browser extension is developed in Javascript and relies on the VueJS framework.
Infrastructure Agent
The infrastructure agent (Kapsul) developed in Scala language runs on a JVM base.
Network Endpoints
| Endpoint | Port | Protocol | Description |
|---|---|---|---|
| api.kabeen.io | 443 | HTTPS (REST) | Main platform API |
| intake.kabeen.io | 443 | HTTPS (gRPC) | Telemetry data ingestion |
Security
Authentication
- API Key: Each agent authenticates with a unique API key
- JWT: Web interface users use JWT tokens
- OAuth 2.0: SSO integration available (SAML, OpenID Connect)
Data Isolation
- Multi-tenant: Strict data isolation between organizations
- Encryption: All data is encrypted at rest and in transit
- Audit logs: Complete traceability of access and modifications