-
-
Notifications
You must be signed in to change notification settings - Fork 3
Architecture Overview
Pooja Patel edited this page Dec 16, 2025
·
1 revision
Netra v2 follows an Applied ML Systems architecture, designed for high throughput and workload isolation.
The system is composed of loose microservices communicating via Redis Streams.
graph TD
User([User]) -->|HTTP| UI[React UI]
User -->|HTTP| API[FastAPI Gateway]
API -->|Push Event| Redis{Redis Stream: netra:events}
subgraph "Workload Isolation"
WorkerIO["Worker Ingest (I/O Bound)"]
WorkerML["Worker ML (CPU Bound)"]
end
Redis -->|Consume| WorkerIO
WorkerIO -->|Raw Data| RedisRaw{Redis Stream: netra:raw}
RedisRaw -->|Consume| WorkerML
WorkerIO -->|Legacy Scans| Ruby[Ruby Bridge]
WorkerML -->|Update| Graph[(Neo4j Graph)]
WorkerML -->|Store Artifacts| S3[(MinIO Object Store)]
- Role: High-speed data gathering.
- Nature: I/O Bound (Network heavy).
-
Tasks:
- DNS Resolution (AsyncIO).
- Port Scanning.
- Running legacy Ruby scripts via
RubyBridge.
-
Input:
netra:events:ingest -
Output:
netra:data:raw
- Role: Data processing and Inference.
- Nature: CPU Bound.
-
Tasks:
- Parsing raw scan data.
- Running ML models for False Positive reduction.
- Updating the Knowledge Graph.
-
Input:
netra:data:raw
We use Redis Streams to ensure Payload Persistence. If a worker crashes, the event remains in the stream until explicitly acknowledged (XACK).
Netra maps the world state as a graph:
-
Nodes:
Domain,IPAddress,Block,Vulnerability. -
Edges:
RESOLVES_TO,HOSTED_ON,AFFECTS.
-
User submits
example.comvia API. -
API pushes event to
netra:events:ingest. -
Ingest Worker picks up the job, runs
dos_check.rband resolves IPs. -
Ingest Worker pushes JSON result to
netra:data:raw. -
ML Worker consumes the raw JSON, creates
(d:Domain {name: "example.com"})in Neo4j.
© 2025 NETRA Project
Maintained by the community • Built with ❤️ for security research