New Trisul Network Analytics 6.5 released with new charts and APIs

We just released new Trisul packages with many features that make Network Security Monitoring and Traffic Analytics workflows even easier. Highlights of this release are improved charting of timeseries metrics, the ability to integrate simultaneously with multiple instances of IDS systems, improved CLI and diagnostic tools, and 3 new Trisul APPs.

New faster charts help with long term analysis

Retrospective analysis in Trisul usually starts with a long term time series chart of a particular type of metric, then narrows down to a timespan and applies a number of tools to that time interval. This release introduces a more flexible time selector that is more interactive and faster to use.

Much improved retro analysis time selector

Turn any module into a long term chart

Trisul dashboards consist of a number of modules which can contain timeseries charts. In prior releases of Trisul, if you wanted to zoom out on a particular chart, your options were limited. This release features a new mechanism which allows you to click on a chart and expand out to any time window.



New APPs and Libraries

The real power of Trisul is its powerful API that allows you to build your own analytics. All these apps are open source and available on the GitHub repository trisulnsm/apps.

BITMAUL: A LUA library for protocol dissection, with working samples for some ICS protocols, DHCP, and BGP.

IOC-Harvestor: This APP creates a new stream containing intel artifacts harvested from various other streams within Trisul. There are 15 different types of Intel artifacts harvested, including IPs, TLS Certificates, Domains, URLs, etc. You could then write a couple of lines of LUA to plug into any Threat Intel database of your choice.

IP2-Location: Adds Country, City, ASN, and Proxy metrics to Trisul using the IP2Location LITE databases. Adds graph analytics to these metric items that allow you to click on a city and open up the hosts and apps in that city. This can be used to replace the default Maxmind Lite database in the Trisul-Geo plugin.

Alienvault-OTX: This APP builds on the IOC-Harvestor and checks each Intel item against the AlienVault OTX threat feeds.

HTTP-Proxy: A simple APP that can be used in environments where you are only able to tap network traffic behind a proxy, so that all destination IP addresses are those of the proxy.

Updates to existing APPs

The TLS Fingerprint APP is updated to add JA3-S based on TLS Server Hello. The Passive-DNS App can now be used to look up IPv4 and v6 addresses in a number of different ways.

For full release notes – see our forum announcement

Happy monitoring!

Free Download Trisul 6.5! Get started now.