Deploy deep monitoring with minimal resources

Deep traffic and security monitoring for all enterprises big or small

Network security monitoring techniques involve monitoring tons of metrics , metadata, flows, down to the packet level. Typically these solutions require massive amounts of storage and processing nodes. Trisul leverages cutting edge streaming algorithms to bring full blown monitoring using a minimum amount of resources.

The benefits
  • Gain full control of network traffic and security threats
  • Record full resolution data in a compact solution
  • Save upto 80% of hardware and TCO of equivalent RDBMS or Search based solutions
  • Instant responses for historical queries , upto 10x faster than search based solutions

Create your own analysis using our platform

Trisul provides you the flexibility to write your own monitoring, detection, and hunting tools

As a customer you are justifiably wary of vendor lock-in. For every small tweak to adjust your business requirements you end up requesting a call.

  • No special language to learn, just plain LUA or Ruby
  • Extend Trisul or build entire apps using a simple and open API
  • Build upon Trisul's packet processing, reassembly, file extraction, storage
  • An ecosystem of Trisul APPS is slowly building on GitHub
The LUA API (Live Analysis) The TRP API (Retro Hunting)

Miss nothing with multi layer traffic metrics

Supercharge your threat hunting, surveillance, and anomaly detection

Most organizations today run blind when it comes to network traffic monitoring. Typically, they use SNMP or basic Netflow to monitor bandwidth and top users on selected uplinks. Trisul presents you with a dramatically enhanced range of metrics. We do this by analyzing packets, reconstructing their content and extracting interesting metrics from them.

The benefits

  • Monitor and alert on metrics from L2 to L7 such as HTTP, SSL/TLS, DNS metrics
  • Create your own metrics by simple point and click
  • 200+ metrics including advanced traffic statistics available out of the box
  • Built in machine learning of normal bands can alert on deviations
  • More on Metrics

Take your threat hunting to the next level

Tools to help you test your hypothesis. Across metrics, flows, alerts, resources, packets

Trisul continously scans your network traffic against known threats like malware, spam and phishing sites. You can then investigate your hypothesis of the historical impact of any attack by querying Trisul's well indexed metadata of alerts, resource, full text search documents, and finally down the packets.


  • Metrics are our primary data but they dont hang separate from other types
  • Alerts are automatically correlated with flows, traffic patterns, and packets
  • Meta data extraction of URLs, TLS Certificates, HTTP Headers, DNS Records, and File hashes
  • We dont tie you to our backend - export everything to Elastic Search, Splunk or others
  • More on Flows and Metadata

Complete your investigations with packets

Fine grained pruning policies that make PCAP retention viable for everyone

The ability to drill down all the way to packet level is a key capability of Network Security Monitoring. Without this ability you will stop at the flow level and will be blind to what was actually happening. Trisul enables this powerful capability by giving you the tools to instantly pull up packets from any context and policies to optimize the packet storage to make the scheme practical to deploy.

  • Stream at 10Gbps and above to vanilla RAID0 arrays
  • Fine grained, easy to use policies cut down packet storage requirements
  • Packets are stored encrypted and locally on each trisul-probe
  • Instant recall due to smart indexing of packets
  • More on packet indexing
How is Trisul different

Trisul puts fine grained metrics at the centre of a network monitoring strategy. The other pieces of a full NSM stack are arranged around the metrics model. Trisul is based on a real time stream processing architecture rather than traditional RDBMS or Search. This allows of real time analysis of large time windows, which can be challenging with non-streaming approaches.

What users are saying..

"I was using tshark to capture all the packets and then having to carve a 15 GB pcap down to just the packets I wanted to look at and then re-assemble the document. That particular task would have taken me around thirty minutes to accomplish without Trisul." Timothy Howard, City of Delaware

"Trisul has been monitoring our VSAT (satellite) and internet links, our team gets an email everyday with a summary of issues with our network. We were able to cut down our multicast VSAT traffic with help from Trisul" CIO - ITI Financial

"Trisul is an amazing product with a strong emphasis on network and security monitoring. Trisul's integration of the two enables us to leverage existing IDS tools and network traffic and flows into visualizations putting them in context immediately" Mark Maunu, Network Security Analyst, USA