Harness the power of streaming analytics

Deploy large scale deep monitoring with minimal resources and effort
  • Streaming algorithms allow large timeframe analysis
  • Far easier and cheaper to deploy than RDBMS or Search based solutions
  • Includes a fine tuned database backend, freeing you from maintaining a backend cluster
  • *New* Docker image lets you deploy a standalone NSM system in minutes
  • Monitors all common NSM metadata, PCAP integration, and objects
  • Powerful flow database can handle billions of flows on plain SATA drives

Create your own analysis using plain LUA

Trisul provides you the flexibility to write your own monitoring, detection, and hunting tools
  • Put our incredibly flexible open API to use
  • Extend Trisul or build entire apps using just plain LUA & Ruby
  • We do the grunt work of packet processing, reassembly, file extraction, storage
  • No hassles, no NDAs, or canned demos. Start exploring right now!
  • An ecosystem of Trisul APPS is slowly building on GitHub
  • The LUA API (Live Analysis)
  • The TRP API (Retro Hunting)
How is Trisul different
Trisul puts fine grained metrics at the centre of a network monitoring strategy. The other pieces of a full NSM stack are arranged around the metrics model. Trisul is based on a real time stream processing architecture rather than traditional RDBMS or Search. This allows real time analysis of large time windows, which can be challenging with non-streaming approaches.

Gain full multi layer visibility with Traffic Metrics

Supercharge your threat hunting, surveillance, and anomaly detection
  • We put traffic metrics and flows first in our NSM strategy
  • Continuous network monitoring from hundreds of different angles
  • Built in machine learning of normal bands can alert on deviations
  • Advanced metrics like cardinality and meta-metrics reveal patterns you never knew existed
  • More on Metrics

Take your searches and hunts to the next level

We store everything. With context. Metrics, flows, alerts, resources, packets
  • Metrics are our primary data but they don't hang separate from other types
  • Alerts are automatically correlated with flows, traffic patterns, and packets
  • Meta data extraction of URLs, TLS Certificates, HTTP Headers, DNS Records, and File hashes
  • We don't tie you to our backend - export everything to Elasticsearch, Splunk or others
  • More on Flows and Metadata

Be quicker and smarter with packets

Fine grained pruning policies that make PCAP retention viable for everyone
  • Stream at 10Gbps and above to vanilla RAID0 arrays
  • Dramatically cut down costs by using policies to prune what is stored
  • Packets are stored encrypted and locally on each trisul-probe
  • Retrieval not just on IP flow tuples but linked to metrics, flows, alerts
  • More on packet indexing

What users are saying..

"I was using tshark to capture all the packets and then having to carve a 15 GB pcap down to just the packets I wanted to look at and then re-assemble the document. That particular task would have taken me around thirty minutes to accomplish without Trisul." Timothy Howard, City of Delaware

"Trisul has been monitoring our VSAT (satellite) and internet links, our team gets an email every day with a summary of issues with our network. We were able to cut down our multicast VSAT traffic with help from Trisul" CIO - ITI Financial

"Trisul is an amazing product with a strong emphasis on network and security monitoring. Trisul's integration of the two enables us to leverage existing IDS tools and network traffic and flows into visualizations putting them in context immediately" Mark Maunu, Network Security Analyst, USA