Nuix Adaptive Security architecture overview

The Nuix Adaptive Security architecture consists of five main components:

Endpoint server

Endpoint agent

Application UI

API server + SDK

MySQL database

The Endpoint server communicates with the agent and sends the agent tasks. The Endpoint agent is deployed to endpoints to collect data, perform actions, process rules, and send data back to the Endpoint server. The database can be located on the server, on another system, or be part of a performance cluster database.

The Nuix Adaptive Security Application is used to view data, manage investigations, and communicate with the server using the API. The application queries the database for information through the API. The application sends tasks to the database through the API, and the Endpoint server then communicates directly with the agent to perform the action.

The database stores the agent information that is collected from endpoints.

The web console is a web-based interface for performing administration tasks. It is accessed by using the server IP address.

Communication channels

The Application UI and API server communicate using the SDK. The API server and Endpoint server communicate through the MySQL database. The Endpoint server uses protocol buffers to communicate with the Endpoint agents. The typical TCP ports used are 443, 5002, 5003, and 5004; however, the ports are configurable. The communication channels are FIPS compliant.

Nuix Adaptive Security architecture overview diagram.