Trisul 3.0 sneak peek

Trisul 3.0 sneak peek

We are working like crazy trying to get Trisul 3.0 out the door by mid-April. We are so excited by the advanced SSL/TLS analysis features in 3.0, we cant wait that long to share some details.

Here are the main ones.

Full text search

All certificates seen by Trisul are not only stored but they are full text indexed. We’ve built a powerful faceted searching to group by all supported attributes in the X.509 certificate format.

(Multilevel faceted FTS in action)


Until now SSL traffic has been somewhat of a black box, we could meter by Source/Destination but couldnt do much beyond that.

In 3.0, we’ve added some useful traffic meters.

  1. CA metering – sessions underwritten by CAs (1) as root (2) as intermediate
  2. SSL metering – how much Facebook/Dropbox/Gmail/Whatnot traffic
  3. Cipher – how much traffic by ciphersuite (eg how much traffic by RC4/AES)

Bulk search for hashes

The Mandiant APT-1 report really got us thinking hard about making searches for certificate hashes easy. The current method which involves sifting through packets, was too slow. With Trisul 3.0 you can just copy/paste a list of cert hashes to search for matches instantaneously


And we will also have a brand new UI with dramatically enhanced drill/pivot abilities.

In the coming days, we will explain and document more of these features. Stay tuned !We welcome early beta testers who are willing to stress the product out. Please send a tweet to @trisulnsm if interested.

Leave a Reply

Your email address will not be published. Required fields are marked *