Network flows, or conversations, are a very important part of network security and traffic analytics. Trisul has always had excellent support for reconstructing, storing, and querying very large scale flow databases. However, we watched customer workflows and found that we could make their lives dramatically easier by adding a couple of nifty new features. We just pushed out a new release that puts these two new tools in your hands.
- Aggregate Flows
  - Run a query and aggregate all parameters that make up a flow
- Export to Excel
  - On all flow related tools, add an “Export to XLSX” button that exports results into an MS Excel document
You used the “Explore Flows” tool in previous versions of Trisul to query flows using any combination of IPs, ports, protocols, netflow interfaces, etc. This works great when your primary use case is security, where you expect a few thousand hits. The Explore Flows tool used only the first MaxCount (by default 10K) flows to perform the analysis in the browser.
A use case we found, particularly among our large customers, was that they wanted to aggregate ALL matching flows even if millions matched. For example: one of them wanted to retrieve all subscribers' usage numbers for port. This customer was pushing 1-Billion+ flows per day into Trisul.
- What Aggregate Flows does
  - Runs a query on the server and aggregates all the parameters, then passes only the aggregate counts to the web interface. The following items are matched: source port, destination port, source IP, destination IP, internal IP, external IP, internal port, protocol
The following screenshot shows this in action.
To use it, select Tools → Aggregate Flows.
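The difference between analysing only the first MaxCount flows and aggregating every matching flow, as an added example that is not Trisul's code: the flow tuple layout, the byte counter, the home network used to decide internal versus external, and the `top_n` and `max_count` parameters are all assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: "internal" means an address inside these home networks.
HOME_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample flows: (protocol, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("tcp", "10.0.0.5", 51000, "198.51.100.7", 443, 1000),
    ("tcp", "10.0.0.5", 51001, "198.51.100.7", 443, 2000),
    ("udp", "10.0.0.5", 51002, "192.0.2.53", 53, 100),
    ("tcp", "203.0.113.9", 443, "10.0.0.9", 40000, 9000),
    ("tcp", "10.0.0.9", 40001, "203.0.113.9", 443, 8000),
    ("udp", "10.0.0.9", 40002, "192.0.2.53", 53, 200),
]

def is_internal(ip):
    return any(ip_address(ip) in net for net in HOME_NETS)

def flow_keys(flow):
    """Map one flow to the items the page lists as aggregated."""
    proto, sip, sport, dip, dport, _ = flow
    keys = {"source_ip": sip, "source_port": sport, "dest_ip": dip,
            "dest_port": dport, "protocol": proto}
    # Internal/external items are only filled when exactly one side is internal.
    if is_internal(sip) != is_internal(dip):
        inside = (sip, sport, dip) if is_internal(sip) else (dip, dport, sip)
        keys.update(internal_ip=inside[0], internal_port=inside[1],
                    external_ip=inside[2])
    return keys

def aggregate(flows, top_n=3, max_count=None):
    """Sum bytes per value of every item in one pass; return only the top_n.

    max_count=None walks every matching flow; a number stops after the first
    max_count flows, like an analysis capped at MaxCount.
    """
    totals = {}
    for i, flow in enumerate(flows):
        if max_count is not None and i >= max_count:
            break
        for item, value in flow_keys(flow).items():
            totals.setdefault(item, Counter())[value] += flow[5]
    return {item: c.most_common(top_n) for item, c in totals.items()}

if __name__ == "__main__":
    print(aggregate(SAMPLE_FLOWS, max_count=3)["internal_ip"])  # capped view
    print(aggregate(SAMPLE_FLOWS)["internal_ip"])               # all flows
```

With the cap at three flows, the heaviest internal host in the sample never appears in the result; aggregating every flow surfaces it while still returning only a handful of rows per item.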
Export to Excel
We noticed that what many of our customers wanted was an Excel spreadsheet as output, rather than the web page or PDF that we already support. With this new release, you can click on the “Export to XLSX” button to download the entire output of the analysis to an Excel spreadsheet.
Look for the “Export to XLSX” button in the following flow related tools.
- Tools → Explore Flows : Find matching flows and aggregate the results
- Tools → Aggregate Flows : Aggregate parameters for matching flows
- Netflow Routers and interfaces → Interface Drilldown : In Netflow mode, router interface reports
Look for the Export to XLSX button
The browser downloads the spreadsheet, which you can open and work with.
The spreadsheet contains all the information you need to further your investigation.
The exported spreadsheet contains multiple worksheets showing each part of the report.
Make sure to check out the multiple worksheets below.
There are some other nifty features and updates too in this latest release. Update to enjoy them.