Why Trisul Network Analytics

In todays bandwidth unconstrained, encrypted, cloud centric networks you can no longer separate traffic analytics from security and investigation activities. Trisul helps organizations of all sizes deploy full spectrum deep network monitoring which can serve as a single goto source of truth for performance monitoring, network design, security analytics, threat detection, and compliance. Traditional approaches based on SNMP, Netflow, Agents, or Packet Capture have narrow focus and rigid vendor supplied analytics. Trisul is the only platform that provides a rich and open platform you can innovate upon.

Track everything

Send us your Raw Packets, NETFLOW, SNMP, agent measurements, or use our input filter API to send any type of data. A single place to analyze it all.

Extend it

Dont depend on vendor for features. Anyone can learn to use the simple Trisul APIs to add analytics capabilities to Trisul.

Tight solution

Includes a tightly integrated backend datastore and a web UI. Yet, open enough to plug into a different backend or to drive Kibana, Grafana UIs.

Use packets

Recall how you always go to Wireshark to nail down an issue? Trisul gives you powerful packet storage capabilities and sophisticated methods to just store what you need.

Scale out

Our design goal is to pack as much performance as we can in a single node. For larger networks scale out by adding more probes and hubs.


In addition to traffic and flows. Use metadata, objects, resources like TLS Certs, files, IDS alerts, and more. Drill up down, and sideways to complete your tasks.


How Trisul can help your organization

Clean and simple Network Security Monitoring.

Network security monitoring is a methodology that builds upon the capability to collect from live traffic –  metrics, flows, alerts, documents, and encryption metadata. These are indexed and linked down to raw packets. Trisul gives you utmost confidence to monitor, detect, respond, or investigate any type of network activity.  The best part is you can then take what you learnt from an incident and improve the platform itself.

  • Built in IDS and threat integration
  • Track and alert on over 200 traffic metrics
  • Simply plug into a mirror port or TAP
  • Supports speeds up to 40Gbps
  • Encrypted communication monitoring
  • Monitor all flows, packets, objects

Powerful and scalable netflow traffic analyzer

While packet monitoring offers the highest depth of analytics, it can be a challenge to deploy probes throughout your network. Netflow offers the easiest way to collect distributed enterprise wide traffic metrics.  Trisul brings advanced real time traffic, device, and flow analytics to Netflow monitoring.   Just point all your Netflow/SFLOW/IPFIX to Trisul !

Why Trisul Netflow?

  • Lossless monitoring. Always find what you are looking for in the historical records.
  • All versions of Netflow v5,v9,IPFIX,JFlow,NetStream,SFlow supported
  • Device view. Long term drilldowns into interface usage.
  • Single license can handle hundreds of devices
  • Integrated with SNMP to provide correlated traffic metrics between SNMP and Netflow

Deep and flexible peering analytics for Internet Service Providers

ISPs love to get real time deep visibility into traffic flows.  Trisul for ISP mixes BGP, Netflow, SNMP, and agent technologies to provide a clean view of upstream and downstream traffic flows.  Traffic can be mapped by ASN, Country,  Up and Down Peers, Content Caches,  Prefixes, and paths. The applications are traffic measurement for billing and settlement, route optimization, planning, negotiation with caches like Google, Amazon.

  • Track down traffic volumes upstream and downstream
  • Volumes per prefix per gateway per interface
  • Real time breakup of gateway router and interface
  • For L2 IXPs, monitor member traffic matrix
  • Special monitoring for content from Google, Amazon, Facebook etc
  • Route analytics shows active path volumes from "inside" and "outside" views.
Feature spotlight

Metrics provide the baseline

You can neither optimize nor detect anomalous behavior in patterns if you have no idea of their existence. Deep metrics collection collects simple metrics like app and host bandwidth but also hundreds of new ones like TLS certificate algorithms, Ethernet, Geo, HTTP errors, etc. A 360 degree view of metrics along with tooling like flows and graph analytics gives teams great investigation and detection capabilities.

  • Hundreds of metrics for millions of entities
  • Powerful built in algorithms. Top-K, Bottom-K,Cardinality, First-seen
  • Powerful retrospective analysis tools for IR
  • Ingest packets, netflows, snmp, or logs.
Feature spotlight

Never miss a flow

A flow is a unit of transaction between two network endpoints. Storing a record of every single flow is a foundation capability for investigations. Trisul Netflow makes it easy for organizations of every size to roll this out. You can mix and match - send packets at security perimeters and Netflow at internal core switches to track lateral traffic.

  • Ingest Netflows or reconstruct flows from packets
  • Flexible query language
  • Flow Taggers : add searchable text labels to flow records
  • Dont compromise ! no summarization or rollups
Let's get started for free

Are you ready to really open up your network traffic?

We include a free license that allows monitoring a rolling 3-day window. All you need to do is arrange a way to send traffic, netflow, or PCAP dumps to us. Our docker image makes it effortless to install on any linux platform.

Just sign up and download, no credit cards or other commitments required.