
Architecture Diagrams

Enterprise Architecture & Integration Ecosystem

System Architecture Overview

TYCHON is a stateless endpoint utility designed for comprehensive cryptographic asset discovery through both local filesystem scanning and agentless remote network inspection. No persistent agents are required.

TYCHON Quantum Readiness Architecture

Dual-Mode Deployment: Local & Remote Scanning

🎯 Scan Targets: Local & Remote
🏢 Local Mode:
• Endpoints/Workstations
• Deployed via SCCM, Intune
• Filesystem & Memory
• VPN Clients & IPSec
🌐 Remote Mode:
• Servers & Network Devices
• IP/CIDR/Range Scanning
• TLS/SSL Certificates
• SSH Host Keys & Banners
⏰ Orchestration:
• Task Scheduler, Cron, K8s CronJobs

⚙️ TYCHON Scanner: Stateless Binary (45MB)
🎯 Key Features:
• TLS/SSL Certs
• SSH Keys
• Cipher Suites
• PQC Detection
• Filesystem
• Memory Scan
• VPN Clients
• IPSec Tunnels
• Outlook PST
• Risk Scoring
📄 Output Formats:
• JSON, NDJSON, CBOM, HTML, EventLog

🖥️ Server Side: Centralized Collection
⚡ Direct Push:
• Elasticsearch, Splunk, Kafka, AWS S3, Cloudflare R2
📂 File Collection:
• Elastic Agent, Splunk Forwarder, Filebeat, Logstash, Fluentd
📊 Analysis:
• Dashboards
• Alerts
• Compliance
• Tickets

🚀 Layer 1: Deployment & Orchestration

Enterprise management platforms that deploy, schedule, and orchestrate the TYCHON scanner across endpoints and infrastructure

  • Microsoft SCCM/MECM: Application deployment, scheduled tasks, hardware inventory integration
  • Microsoft Intune: Win32 app packages, Azure Sentinel integration, cloud-native deployment
  • Tanium: Real-time endpoint visibility, Tanium Deploy packages, Scheduled Actions
  • HCL BigFix: Endpoint management, Fixlet deployment, remediation workflows
  • CrowdStrike Falcon: Real Time Response (RTR), EDR-based deployment, Falcon LogScale integration
  • Ansible: Agentless automation, playbook orchestration, AWX/Tower workflows
  • Puppet Enterprise: Configuration management, declarative infrastructure, continuous compliance
  • VMware Workspace ONE: Unified endpoint management, cross-platform deployment, device compliance
  • Kubernetes: CronJobs, ConfigMaps, Secrets, container orchestration (EKS, AKS, GKE)
  • AWS Lambda: Serverless scanning, EventBridge triggers, S3 result storage
  • Azure Functions: Serverless compute, Timer triggers, Azure Blob storage integration

↓ Deploys & Schedules

⚙️ Layer 2: TYCHON Quantum Readiness (Core Scanner)

Stateless, agentless binary that performs cryptographic discovery and analysis across network and local systems

  • TLS/SSL Certificate Discovery: X.509 parsing, chain validation, expiration tracking
  • Cipher Suite Enumeration: TLS 1.0-1.3 support detection, weak cipher identification
  • SSH Host Key Analysis: Key type detection, algorithm strength assessment
  • Post-Quantum Crypto Detection: MLKEM768/1024, hybrid groups (X25519MLKEM768)
  • Filesystem Scanning: Certificate file discovery (.pem, .crt, .cer, .p12, .pfx)
  • Memory Scanning (Windows/Linux): Process memory analysis, loaded crypto libraries
  • VPN Client Detection: Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet, etc.
  • IPSec Tunnel Analysis: Configuration discovery, security assessment
  • Quantum Readiness Scoring: 0-100 scale assessment, PQC migration prioritization
  • Local Tracking Database: BoltDB for change detection, asset history (~/.tychon/tracking.db)
  • Multi-Format Output: JSON, NDJSON, CBOM, HTML, EventLog, Tychon formats

↓ Publishes Results

🔗 Layer 3: Direct Integration Targets (Built-in Connectors)

TYCHON has built-in connectors that publish scan results directly to these platforms

  • Elasticsearch: -posttoelastic flag, Bulk API, direct indexing
  • Splunk: -posttosplunk flag, HTTP Event Collector (HEC)
  • Apache Kafka: -posttokafka flag, real-time event streaming, SASL/SSL
  • AWS S3: -upload-s3 flag, automatic file upload, lifecycle management
  • Cloudflare R2: S3-compatible, -s3endpoint flag, zero egress fees
  • Windows EventLog: -outputformat eventlog, native Windows event integration
  • Local File Output: JSON, NDJSON, CBOM, HTML files for local processing

↓ Consumed By

📊 Layer 4: Data Consumption & Analysis (File-Based & Agent-Based)

Third-party tools and agents that read TYCHON output files or collect results via OS schedulers

  • Elastic Agent: File collection, custom logs integration, Fleet management
  • Splunk Universal Forwarder: File monitoring, log tailing, automatic forwarding
  • Datadog Agent: Custom checks, log collection, file monitoring
  • Logstash: File input plugin, JSON parsing, Elasticsearch output
  • Fluentd/Fluent Bit: Tail input, JSON parsing, multi-output routing
  • Filebeat: Log shipping, file harvesting, Elasticsearch integration
  • Windows Task Scheduler: Scheduled scans, output file creation, local processing
  • Linux Cron Jobs: Scheduled scans, systemd timers, output file generation
  • AWS Lambda Processing: S3 event triggers, automated processing, SNS notifications
  • Snowflake Data Warehouse: S3 Snowpipe ingestion, SQL analytics, BI integration
  • Custom Scripts & Automation: Python/PowerShell/Bash scripts for file processing and enrichment

Integration Model Legend

  • Deployment Layer: Platforms that deploy and schedule TYCHON
  • Core Scanner: TYCHON's cryptographic discovery engine
  • Direct Integration: Built-in connectors for real-time data publishing
  • File-Based Consumption: Agents that read TYCHON output files

Key Architecture Notes

  • Stateless Design: TYCHON is a stateless binary with no persistent service or agent requirements
  • Dual Integration Model: Direct integration (push) via built-in connectors OR file-based (pull) via third-party agents
  • No Runtime Dependencies: Self-contained 45-50 MB binary with embedded OpenSSL, no external libraries required
  • Platform Agnostic: Single binary supports Windows, Linux, macOS across x64 and ARM64 architectures
  • Enterprise Orchestration: Designed to be deployed by existing management platforms (SCCM, Intune, Tanium, Ansible)
  • Flexible Output: 6 output formats (JSON, NDJSON, CBOM, HTML, EventLog, Tychon) for different integration patterns
  • Local Tracking: Optional BoltDB database (~10-50 MB) for change detection and baseline comparison
  • Cloud-Native Ready: Container support for Kubernetes CronJobs, AWS Lambda, Azure Functions
  • SIEM-First Design: Native connectors for Elasticsearch, Splunk, Kafka for real-time security operations
  • OS Scheduler Integration: Works with Windows Task Scheduler, Linux cron, systemd timers for automated scanning