Trisul Blog

Hey Trisul users, we’ve got a maintenance update to Trisul 3.0.

OpenIOC is an XML schema for specifying and sharing threat intelligence (indicators of compromise). An example of an OpenIOC document is the NetTraveler indicator file 469aed6f-941c-4a1e-b471-3a3e80cbcc2e.ioc
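As an added illustration (not code from the Trisul blog or the Trisul product), here is a small Python parser for the OpenIOC 1.0 layout. It runs against a constructed indicator file whose ids, domain, IP, hash and strings are placeholders, not the real NetTraveler indicators. It flattens the IndicatorItem leaves, picks out the ones that can be checked against recorded traffic (the set of search contexts used for that filter is my own choice), and evaluates the nested AND/OR Indicator tree against a dictionary of values observed on the wire; matching is case-insensitive, which is an assumption of this demo.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.mandiant.com/2010/ioc"   # OpenIOC 1.0 namespace


def q(tag):
    """Qualify a tag name with the OpenIOC namespace."""
    return f"{{{NS}}}{tag}"


# Constructed sample in OpenIOC 1.0 layout. The ids, domain, IP, hash and
# strings are placeholders for this demo, NOT the real NetTraveler indicators.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-0000-0000-000000000000" last-modified="2013-06-05T00:00:00">
  <short_description>Constructed example</short_description>
  <definition>
    <Indicator operator="OR" id="00000000-0000-0000-0000-000000000001">
      <IndicatorItem id="00000000-0000-0000-0000-000000000002" condition="is">
        <Context document="Network" search="Network/DNS" type="mir"/>
        <Content type="string">c2.example.net</Content>
      </IndicatorItem>
      <IndicatorItem id="00000000-0000-0000-0000-000000000003" condition="is">
        <Context document="PortItem" search="PortItem/remoteIP" type="mir"/>
        <Content type="IP">192.0.2.10</Content>
      </IndicatorItem>
      <IndicatorItem id="00000000-0000-0000-0000-000000000004" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="00000000-0000-0000-0000-000000000005">
        <IndicatorItem id="00000000-0000-0000-0000-000000000006" condition="contains">
          <Context document="Network" search="Network/URI" type="mir"/>
          <Content type="string">/update.php</Content>
        </IndicatorItem>
        <IndicatorItem id="00000000-0000-0000-0000-000000000007" condition="contains">
          <Context document="Network" search="Network/UserAgent" type="mir"/>
          <Content type="string">Mozilla/4.0</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Search contexts that can be checked against captured traffic. This is my own
# selection for the demo, not a list taken from Trisul or the OpenIOC spec.
NETWORK_SEARCHES = {"Network/DNS", "Network/URI", "Network/UserAgent", "PortItem/remoteIP"}


def _parse_indicator(el):
    """Turn an <Indicator> element into a nested dict (boolean tree)."""
    node = {"operator": (el.get("operator") or "OR").upper(), "children": []}
    for child in el:
        if child.tag == q("Indicator"):
            node["children"].append(_parse_indicator(child))
        elif child.tag == q("IndicatorItem"):
            ctx = child.find(q("Context"))
            content = child.find(q("Content"))
            node["children"].append({
                "search": ctx.get("search"),
                "condition": (child.get("condition") or "is").lower(),
                "type": content.get("type"),
                "value": (content.text or "").strip(),
            })
    return node


def parse_openioc(xml_text):
    """Parse an OpenIOC 1.0 document into its id, description and indicator tree."""
    root = ET.fromstring(xml_text)
    if root.tag != q("ioc"):
        raise ValueError(f"not an OpenIOC document: {root.tag}")
    top = root.find(q("definition")).find(q("Indicator"))
    return {
        "id": root.get("id"),
        "short_description": (root.findtext(q("short_description")) or "").strip(),
        "definition": _parse_indicator(top),
    }


def flat_items(node):
    """Yield every IndicatorItem leaf regardless of nesting depth."""
    for c in node["children"]:
        if "children" in c:
            yield from flat_items(c)
        else:
            yield c


def network_items(doc):
    """Leaves whose search context can be matched in recorded traffic."""
    return [i for i in flat_items(doc["definition"]) if i["search"] in NETWORK_SEARCHES]


def _match_item(item, observed):
    """observed maps a search context to the values seen, e.g. {"Network/DNS": [...]}.
    Comparison is case-insensitive (an assumption of this demo)."""
    seen = [str(v).lower() for v in observed.get(item["search"], ())]
    want = item["value"].lower()
    if item["condition"] == "is":
        return any(want == s for s in seen)
    if item["condition"] == "contains":
        return any(want in s for s in seen)
    raise ValueError(f"unsupported condition: {item['condition']}")


def evaluate(node, observed):
    """Evaluate the AND/OR indicator tree against observed values; empty tree never matches."""
    results = [evaluate(c, observed) if "children" in c else _match_item(c, observed)
               for c in node["children"]]
    if not results:
        return False
    return all(results) if node["operator"] == "AND" else any(results)


if __name__ == "__main__":
    doc = parse_openioc(SAMPLE_IOC)
    print(doc["id"], doc["short_description"])
    for item in network_items(doc):
        print(f"  {item['search']} {item['condition']} {item['value']!r}")
    print("hit:", evaluate(doc["definition"], {"Network/DNS": ["C2.EXAMPLE.NET"]}))
```

The nested AND block is the part worth noticing: a URI match alone does not fire the indicator, only URI plus User-Agent together, which is how OpenIOC expresses "this combination, not either piece on its own".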

All you have to do is send a DNS TXT request and deal with the results.

We’ve created an OpenIOC-format XML file from the report. We think we captured everything except the semaphore indicators.

This release took a good three months, but it was worth it. The highlight of this release is...

A quick introduction to the X-Drill (Cross Drill) tool in Trisul 3.0.

We are working like crazy trying to get Trisul 3.0 out the door by mid-April. We are so excited by the advanced SSL/TLS analysis features in 3.0 that we can’t wait that long to share some details.

This is exciting stuff for a lot of “intel starved” enthusiasts like us. At least three types of indicators can be searched for by looking at past network traffic.

If you were to walk into a strange network, you would first want to see what its typical characteristics are.

We can all agree that the repository of packets represents significant business value; otherwise we’d all be sharing our pcap dumps on GitHub. Therefore a breach of this nature can hurt.