Trisul packages now available for Ubuntu 18.04 Bionic Beaver

We are pleased to make the following announcements.

New Ubuntu 18.04 repository ready to install packages

We just released packages of Trisul Network Analytics for Ubuntu 18.04 LTS 64-bits (Bionic Beaver). For most new users of Trisul we recommend the Ubuntu 18.04 64-bits Server Install as the first choice installation platform.

Read More

Announcing Trisul-Probe docker image and new distributed monitor features

We just released new builds of Trisul Network Analytics 6.5 with some exciting updates.

Trisul Network Analytics is a distributed monitoring platform. In the distributed setup, a network of “Probe nodes” can report to one or more “Hub nodes”. We provide Ubuntu/CentOS/RHEL packages for the probe and hub nodes. But we really like Docker for its sheer ease of deployment and upgrades. We already have a popular Docker Image with over 10K pulls for our single-node solution called trisulnsm/trisul6

Today we are excited to release a new Docker image of Trisul-Probe that lets you roll out a new probe in under 3 minutes.

This blog post is a quick tour of the distributed management features you can find in this release.

Read More

New Trisul Network Analytics 6.5 released with new charts and APIs

We just released new packages of Trisul which include many features which make many Network Security Monitoring and Traffic Analytics workflows even easier. Highlights of this release are improved charting of timeseries metrics, ability to integrate simultaneously with multiple instances of IDS systems, improved CLI and diagnostic tools, and 3 new Trisul APPs.

New faster charts help with long term analysis

Retrospective analysis in Trisul usually starts with a long term time series chart of a particular type of metric. Then narrowing down a timespan and then applying a number of tools to that time interval. This release introduces a more flexible time selector that is more interactive and faster to use.

Much improved retro analysis time selector

Read More

Announcing the IOC Intel Harvestor App

The Trisul NSM platform has always provided a way to integrate threat intelligence feeds using the Badfellas Plugin. That works great but it is limited in flexibilty. The Trisul LUA API lets you gain total control over the process of harvesting intel pieces and performing the checks.

We just released a new Trisul APP called Intel IOC Harvestor that lets you trivially build advanced capabilites. This blog post describes this new APP.

The Intel Harvestor APP currently pulls out 14 different types of IOC Intel including IP addresses, Domains, SSL Cert hashes, File hashes, TLS SNI, SAN, JA3, and others.

How the IOC Intel Harvestor App works

In Trisul LUA Scripting, you write LUA scripts that plugin to various streams, and then process pieces of information as they fly by. Without the new IOC Harvestor APP you would have to write small scripts for 14 different streams. The IOC Harvestor APP just does this work for you. See the figure below , on the left side you see a number of streams in Trisul, this APP pulls out all of this into a single stream.

Read More