
# Architecture - Version 3

## Deployment Architecture

BluSapphire supports **Hosted (SaaS)**, **Onsite** and **Appliance-based** deployment models.

A high-level SaaS deployment architecture is shown below:

<figure><img src="/files/vRguvMmZe3y5ELzrdMNN" alt=""><figcaption></figcaption></figure>

### *BluSapphire SaaS Deployment Architecture*

Onsite deployments look like the architecture described above, except that the hosted components are onsite at the customer datacenter. A brief description of the components involved follows:

#### **Onsite Components**

**Sensor:** Sensor is a gateway appliance (physical or virtual) that receives a SPAN/Mirror copy of all the traffic moving in and out of the firewall. Most Static Analysis and DPI happen at the sensor. The Sensor is also responsible for describing the traffic model(s) and sending over the metadata to the master for further analysis.

**Log Collector:** Log Collector is the local aggregator of all logs and flows on each site, filtering and compressing the data before transmitting them over to the Open Data Platform (ODP) for further analysis and storage.

**Responder:** Responder is responsible for all response and remediation action(s) on the client site. This is typically a Windows VM that is part of the customer domain. Responder communicates with Master and executes the required actions on the local network(s). Responder is key for agentless Response, Remediation and Threat Hunt activity.

#### **Cloud Components**

**Gateway Collector:** Gateway Collector is the cloud “collector” of data/logs and is responsible for orchestration, enrichment and normalization of data, and for pushing it to the Open Data Platform (ODP).

**Master:** Master is the central controller of all activity. It is responsible for all coordination between ODP, Sensors and Responders. It also typically hosts the web management interfaces for BluSapphire and manages all REST API access. Master is horizontally scalable. It is also responsible for collecting all Threat Intelligence (TI) and pushing it to the required components like ODP.

**Behavior Analysis Platform (BAP):** BAP is responsible for Behavior Analysis of files, scripts, etc. It is also typically responsible for Dynamic Behavior Analysis. BAP is horizontally scalable.

**Open Data Platform (ODP):** ODP is the Big Data Platform that stores and analyses the multiple data points collected by all BluSapphire components. It can horizontally scale to petabytes of data. ODP also hosts the Machine Learning, Predictive Analytics and Algorithmic analysis components of BluSapphire. ODP also consumes and processes all Threat Intelligence data from the BluSapphire Update Server and/or from other TI sources.

### Logical Architecture

The BluSapphire Logical Architecture is shown in *Figure 5*.

<figure><img src="/files/5pPnhET34DVo9qmLuN1g" alt=""><figcaption></figcaption></figure>

*Fig 5: BluSapphire Logical Architecture*

Each of the BluSapphire components can be scaled horizontally and operated in High-Availability (HA) mode. For example, Sensors, Log Collectors and Responders can be used in HA mode by deploying two of each system as an HA pair. ODP offers n+1 failure resiliency by design. Behavior Analysis Platform (BAP) is also available in HA, along with Message Queues.

Please reach out to the team for planning a resilient architecture (HA) as customer networks, infrastructure and HA requirements vary. Our team will be able to work with you and define a resilient architecture that suits your needs.

### Data Flow Architecture

The BluSapphire Data Flow Architecture is shown in *Figure 6*.

<figure><img src="/files/x5BXY5JyaKa1ba8lACdT" alt=""><figcaption></figcaption></figure>

*Fig 6: BluSapphire Data Flow Architecture*

BluSapphire relies on proven Big Data and Machine Learning architectures for running its ML algorithms and analytics, including scalable data storage. BluSapphire stores the raw data and normalized data, along with various enrichments, in models.

BluSapphire also maps all activities against the MITRE ATT&CK Matrix. This helps define threat actions, threat actors and enables faster resolution.


