Hey, Trisul users! We're excited to announce Trisul Apps.
It's a collection of plugin extensions you can install, upgrade, or remove with a single click to enhance the capabilities of Trisul.
Trisul Apps fall into three categories:
- Analytics — Use the Trisul Lua API to add custom analysis capabilities
- Packaged Dashboard — Dashboards, modules, new counters, flow trackers, exported from Trisul
We've got the following apps live now:

| App | Type | Description |
|---|---|---|
| Passive DNS Extractor | Lua | Watches the DNS stream and builds a LevelDB database containing an IP→Domain history |
| Prune YouTube/Netflix/FB | Lua | Uses the Passive DNS app to detect HTTPS and QUIC streams to YouTube, Netflix, Facebook, video. Saves 40-50% on disk space |
| Prune TLS | Lua | Another Prune app designed to optimize packet storage. Excludes all TLS traffic from storage, but still stores non-TLS traffic on port 443. Identifies TLS by looking for the SSL/TLS handshake |
| SNI metering | Lua | Gain visibility into TLS traffic. Breakdown of traffic and connections by SNI (Server Name) |
| SSH events | Lua | Solid detection of SSH login events and reverse SSH tunnels. The technique is explained in SSH Traffic Analysis |
| Save Binaries | Lua | Saves all suspicious files transferred over HTTP. Uses the file type as detected by libmagic rather than trusting the Content-Type. No size limit |
| Heatmap | D3/JS | Instantly generates an hourly heatmap of any metric for the past week. Click on a cell to drill down into any interval |
| Super Search Host | D3/JS | Type a hostname, e.g. google, to retrieve all IPs associated with it; for each IP, shows traffic in the last 24 hours |
| Perf Stats | Dashboard | A sample dashboard showing Trisul performance: packet drops, packets processed, stream flush time, CPU, memory, etc. |
These apps have added real value at the sites where we have deployed them. We will be explaining each of these apps in detail shortly.
Trisul Apps are available even to those using the Free License. Do try them out.