Monitor information flows using the new Cross Keys feature

Monitor information flows using the new Cross Keys feature

We are excited to introduce a powerful new feature called Cross Keys. This feature allow you to meter and visualize arbitrary information flows which is not feasible with any other method without throwing heavy hardware resources at it.

How Cross Keys counter groups work

Trisul is a real time streaming analytics platform. This means all metrics, flow based analytics, detection, are computed in real time within a time budget unlike search, database, or log analytics platforms. By default, 200+ traffic metrics provide the baseline visibility into your network. These are grouped together as Counter groups.

Shown below is the Internal Hosts counter group. This group meters about 18 metrics for all hosts that fall within the Home Networks

Showing total bytes per Internal Host for selected interval

Next, here is the External Hosts counter group.

Showing total bytes per External Host for selected interval

With the new CrossKeys feature you can create a counter group that does a cross product of the Internal Hosts X External Hosts
In the figure below, observe the keys. They track the traffic flow for the Internal x External hosts.

A cross keys counter group is a cross product of Internal and External

You can even do this with three counter groups , say InternalHosts X Applications X ExternalHosts

Cross product of InternalHosts-x-Applications-x-ExternalHosts

Note on cardinality : If you create a crosskeys group from two groups with cardinality C1 and C2, then the new Cross Keys counter group will have a cardinality of C1xC2 Trisul can handle very high cardinality counter groups you can adjust the settings if you desire

Visualization app

The cross keys counter group meters a flow graph. The tabular form for visualizing is not very suitable. The SANKEY diagram provides the best visualization of these flows. We are also releasing a new Sankey Cross Key Trisul APP which brings this feature to you.

The Sankey Crossdrill App the visualization to life

Other features in new release

Other features in the new release include Export to XLSX for many reports, new Netflow features, and other additions which we will describe in detail shortly. Release notes

Happy monitoring!

Get started with Trisul NSM 6.5 now

Leave a Reply

Your email address will not be published. Required fields are marked *