

Introduction to Trisul Scripting for Bro IDS users

Bro IDS is a popular open source network analysis platform. A key feature of Bro IDS is its custom Bro scripting language, which lets you write scripts that extend the platform's functionality. Trisul Network Analytics is likewise a platform that can be extended by writing scripts. This page introduces the Trisul Scripting API for readers who are already familiar with Bro IDS scripting.

Trisul API

The first thing to note is that Trisul is not built on top of Bro; it is built from the ground up as a streaming analytics platform. A short technical introduction to Trisul is therefore needed before diving into the scripting details.

  • Trisul includes both the packet stream processing and the database function, whereas Bro currently has to be paired with a backend such as ELK, Splunk, or another storage solution. Trisul scripts therefore fall into two categories: the packet pipeline and the analytics pipeline.
  • The packet pipeline deals with familiar concepts such as handling packets, reassembled TCP segments, and the like.
  • The analytics pipeline may be new to Bro scripters.
scripting/introbro.1538137784.txt.gz · Last modified: 2018/09/28 17:59 by veera