Table of Contents
Articles about network security monitoring, traffic analytics, setting up measurement, techniques for scaling, threat hunting tips, etc.
Hardware and Data Acquisition
Tunneling Netflow to a remote Trisul involves preserving the original IP address of the switch/router. We describe three methods to achieve it, NAT, GRE, and Shim Tunnels.
High availability and Disaster Recovery
Trisul can be set up in a High Availability (HA) or Disaster Recovery (DR) configuration. This section contains articles related to that.
NSM and Packet Analytics Concepts
Offline analysis with the WRCCDC PCAP dump
In this three-part series, we explain techniques and show how to analyze the 2018 WRCCDC PCAP dump using TrisulNSM. We appreciate the kind folks at WRCCDC for making this publicly accessible.
Security and Hardening
Mount CIFS and NFS with uid, gid option only
A common technique is to mount the archive area onto an NFS or a CIFS share.
One gotcha is that you need to pass the uid and gid of the trisul user and group when mounting the CIFS share. Otherwise the archiver, which runs as trisul.trisul, will not be able to access the share.
# get the user and group ID of trisul.trisul
id -u trisul
id -g trisul

# /etc/fstab entry: use the uid= and gid= options so files on the share are owned by trisul.trisul
# (the password may also be kept out of fstab with the credentials=/path/to/file option)
//192.168.1.181/windowsShare1TrisulData /home/TrisDataArchive/ cifs username=Bob,password=mypassword,uid=995,gid=997,file_mode=0770,dir_mode=0770,noperm 0 0
Tuning Flow Indexes
How to tune flow indexes to optimize disk size based on requirements.