https://www.trisul.org/devzone/ 2026-04-20T05:34:14+00:00 https://www.trisul.org/devzone/ https://www.trisul.org/devzone/ww.trisul.org/devzone/lib/tpl/dokuwiki/images/favicon.ico text/html 2024-05-10T14:05:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/add_probe?rev=1715330137&do=diff what it does It creates a new probe and connect it to the hub. prerequisite You should have trisul probe and ssh-server installed on your machine. how to use it Goto “/usr/local/share/trisul-hub” on your hub node cd /usr/local/share/trisul-hub text/html 2020-05-02T19:57:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/apps?rev=1588429653&do=diff Trisul Apps Trisul Apps are click-to-install extensions to Trisul Network Analytics. They fall into three categories * Analytics — Using the Trisul LUA API adds custom analysis. * JS/D3 Dashboards — Uses the JavaScript/TRP API to visualize historical data. text/html 2024-04-30T17:12:13+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/architecture?rev=1714477333&do=diff Architecture Documents Links to Trisul Network Analytics design and architecture. ---------- Domain network architecture How the Trisul Distributed Domain is setup. Network design, ZeroMQ endpoints, System Requirements Packet Capture 1Gbps System Requirements for 1Gbps packet capture text/html 2025-04-01T17:27:28+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/articles?rev=1743508648&do=diff Articles Articles about network security monitoring, traffic analytics, setting up measurement, techniques for scaling, threat hunting tips, etc. Hardware and Data Acquisition Configuring Port Mirror on Proxmox VE 5.1 for Network Security Monitoring applications Configuring ERSPAN for packet capture into Network Security Monitoring tools Netflow tunneling Tunneling Netflow to a remote Trisul involves preserving the original IP address of the switch/router. We describe three methods to ac… text/html 2024-11-21T11:59:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/cisco_nexus?rev=1732170542&do=diff Cisco Nexus Sample Configuration sflow max-sampled-size 200 sflow counter-poll-interval 100 sflow max-datagram-size 2000 sflow collector-ip 10.28.60.205 vrf default source 10.166.66.2 sflow collector-port 6343 sflow agent-ip 10.28.60.205 text/html 2020-04-01T16:37:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/cisco_umbrella_top-1m_domains_list?rev=1585739221&do=diff Cisco Umbrella Top 1M Domains List This app helps with providing guidelines for installing Cisco Umbrella Top 1M Domains List app in Trisul Network Analytics. To create a Domain Topper Counter that can be used in NSM to train the spotlight on least common domains seen in your network traffic. text/html 2020-04-06T17:34:43+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/http_proxy?rev=1586174683&do=diff HTTP Proxy This article helps with providing steps to install and use the HTTP Proxy app in Trisul Network Analytics. To examine inside-out of Web Traffic Web traffic to identify suspicious content, which can be a spyware, malformed content, or any other type of attack and view the exact destination addresses of Hosts. text/html 2024-05-10T14:04:43+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/hub_distributor?rev=1715330083&do=diff what it does " it delete the default domain0 and creates a new one with the TCP socket.And change the endpoints to TCP mode so that we can connect the probes from any server." prerequisite " you should have trisul hub , ssh-server and expect installed on your machine. text/html 2024-06-25T13:27:38+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/install_apps_in_offline?rev=1719302258&do=diff Install Trisul Apps in Offline step 1) * Download the Trisul Apps from Github using the link given below * <https://github.com/trisulnsm/apps/archive/refs/heads/apps7.zip> * Unzip the file and place the apps-apps7 folder in this path /usr/local/share/webtrisul/tmp/git/trisulnsm/apps/ cp -r apps-apps7/ /usr/local/share/webtrisul/tmp/git/trisulnsm/apps/ text/html 2019-04-13T17:53:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/pcaps?rev=1555158229&do=diff Analysis of popular PCAP dumps Using Trisul NSM to analyze popular PCAP (Packet Capture) dumps made publicly available. Merge PCAPs Using the ''trisul_ixmgtool'' to squish many thin PCAPs into a single thick PCAP file DEFCON 26 PCAP Dump Processing the DEFCON26 CTF Competition PCAP dump. This article explains how you can use the free trisulnsm/trisul6 docker image to process the 50GB+ PCAP and to view the results. text/html 2017-11-16T11:55:35+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/quicknotes?rev=1510813535&do=diff Quick notes and tips Short tips related to networks, security, packet capture, databases, and other things. Docker Install Docker CE on CentOS7.4 , on SUSE Enterprise text/html 2025-04-22T15:06:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/sidebar?rev=1745314570&do=diff Developer Zone * Home page * Articles Index * Trisul Apps * PCAP Analysis * Architecture docs * Tools LUA Scripting * Getting Started * BITMAUL protocol dissection library * Script Examples Tips and Troubleshooting * App use cases * Trisul Installation * Ubuntu * Centos * Docker * Netflow troubleshooting * Adding Logo to UI * Automatic Webtrisul Restart * Port Mirroring with iptables * Ingress Egress Netflow * LXC/LXD Container issues * T… text/html 2020-04-13T17:58:36+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/sni_tls_metrics?rev=1586780916&do=diff Server Name Indication based metrics This article helps with providing steps to install and use the SNI TLS Metrics app in Trisul Network Analytics. To provide visibility into TLS/SSL traffic by breaking it up by SNI Hostname. SNI stands for Server Name Indication.It indicates the hostname thT is being contacted by the browser at the beginning of a handshake.This feature allows a server to connect multiple SSL Certificates to one IP address and gate. text/html 2019-10-31T15:16:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/start?rev=1572515194&do=diff Trisul Network Analytics Developer Zone [Developer Zone] Trisul Network Analytics is a network security monitoring and traffic analytics platform. When you deploy Trisul, you get a ton of built-in metrics and analytics capabilities. However, the real power of Trisul lies in its programmability. You can build your own tooling using two APIs text/html 2020-04-02T19:13:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/tcp-analyzer?rev=1585834990&do=diff TCP Analyzer This article hepls you with providing guidelines to install and run the TCP Analyzer app in Trisul Network Analytics. To Calculate and Analyze the latency from connection setup time, retransmissions, and timed-out flows. The App adds the following metrics to Trisul namely, text/html 2020-04-06T14:04:31+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/tls_metrics?rev=1586162071&do=diff TLS Metrics This article helps with providing the steps for installing the TLS Metrics app in Trisul Network Analytics. To provide Protocol information about the data encrypted with the help of several Metrics. The App provides the following, text/html 2020-04-03T18:58:55+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/tls_print?rev=1585920535&do=diff TLS Fingerprinter This app helps with providing the steps for installing the TLS Fingerprinter App in Trisul Network Analytics. To guess a SSL/TLS client intelligently with known prints and build a profile for known clients for white-listing using JA3-Hash. text/html 2019-11-21T18:36:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/tools?rev=1574341561&do=diff Tools Collection of notes and howtos about testing and simulation tools for Trisul. * BGP Replay Tool BRT notes text/html 2024-10-09T16:08:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/trisul_audit_logger?rev=1728470307&do=diff what is Audit Log Audit log is a trisul feature which allows you to monit the overall activities in trisul like login, logout, create/delete user, password change, start/stop node ...etc. How to use it trisul writes all the audit logs in a fill called