Turn your ideas into reality on the Trisul platform

Powerful Network Traffic and Security Monitoring out of the box .. but we understand that can never be all you ever need !
  • Put our incredibily flexible open API to use
  • Extend Trisul or build entire apps using just plain LUA & Ruby
  • We do the grunt work of packet processing, reassembly, file extraction, storage
  • No hassles, no NDAs, or canned demos. Start exploring right now !
  • The LUA API (Live Analysis) The TRP API (Retro Hunting)

How is Trisul different

Trisul is a streaming analytics platform that gulps network packets or flow records and turns them into hundreds of metrics. Unlike alert and threat centric techniques, we enable a programmable metrics centric approach to continuous network security monitoring.


Be a traffic metrics champ

Supercharge your threat hunting, surveillance, and anomaly detection
  • We put traffic metrics and flows first in our NSM strategy
  • Continuous network monitoring from hundreds of different angles
  • Built in machine learning of normal bands can alert on deviations
  • Advanced metrics like cardinality and meta-metrics reveal patterns you never knew existed
  • More on Metrics

Take your searches and hunts to the next level

We store everything. With context. Metrics, flows, alerts, resources, packets
  • Metrics are our primary data but they dont hang separate from other types
  • Alerts are automatically correlated with flows, traffic patterns, and packets
  • Meta data extraction of TLS Certificates, HTTP Headers, DNS Records, and File hashes
  • We dont tie you to our backend - export everything to Elastic Search, Splunk or others
  • More on Flows and Metadata

Be quicker and smarter with packets

Fine grained pruning policies that make PCAP retention viable for everyone
  • Stream at 10Gbps and above to vanilla RAID0 arrays
  • Dramatically cut down costs by using policies to prune what is stored
  • Packets are stored encrypted and locally on each trisul-probe
  • Retrieval not just on IP flow tuples but linked to metrics, flows, alerts
  • More on packet indexing

What users are saying..

"I was using tshark to capture all the packets and then having to carve a 15 GB pcap down to just the packets I wanted to look at and then re-assemble the document. That particular task would have taken me around thirty minutes to accomplish without Trisul." Timothy Howard, City of Delaware

"Trisul has been monitoring our VSAT (satellite) and internet links, our team gets an email everyday with a summary of issues with our network. We were able to cut down our multicast VSAT traffic with help from Trisul" CIO - ITI Financial

"Trisul is an amazing product with a strong emphasis on network and security monitoring. Trisul's integration of the two enables us to leverage existing IDS tools and network traffic and flows into visualizations putting them in context immediately" Mark Maunu, Network Security Analyst, USA

Plugins Advanced counting and classification


Check for blacklisted traffic

Compare your network traffic against reputed public blacklists. Supported lists include : Amada, Malware Domain List, DShield, Phish Tank, and 6 others.

Learn more


Add Country and ASN metering

Meter traffic by country and ISP network. Tag each network flow by country code or combine multiple countries and tag flows that way.

Learn more


Categorized Web Traffic

Meter and tag web traffic by category such as news, social networks, video, adult, etc. Allows you to keep an eye on your enterprise traffic profile.

Learn more