https://www.trisul.org/devzone/ 2026-04-20T07:05:25+00:00 https://www.trisul.org/devzone/ https://www.trisul.org/devzone/ww.trisul.org/devzone/lib/tpl/dokuwiki/images/favicon.ico text/html 2018-12-13T16:26:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:bitmaul?rev=1544698564&do=diff BITMAUL : The protocol dissection framework We released an open source LuaJIT based protocol dissection framework called BITMAUL. BITMAUL can be found on its GitHUB page <https://github.com/trisulnsm/bitmaul> [ Bitmaul logo] Use cases Bitmaul allows you to * sweepbuf - use next_xx type calls to dissect a bitstream. Supports bit level operations and covers most of the common packet dissection idioms text/html 2018-06-14T22:37:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:brovstrisul?rev=1528996053&do=diff Trisul scripting for Bro developers This page explains the Trisul NSM scripting framework for those who are already familiar with the Bro IDS scripting. Work in Progress. 15/jun/18 text/html 2018-12-22T18:29:13+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:examples?rev=1545483553&do=diff Script examples Explains various programming techniques with real examples. Where to find more Trisul scripts The following locations contain working Trisul LUA scripts * Trisul Apps : Working scripts ready to install in production environments as Trisul APPS text/html 2018-06-18T12:47:51+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:jittips?rev=1529306271&do=diff LuaJIT tips The TrisulNSM scripting API depends heavily on LuaJIT. This page records some pointers to help you write high performance scripts. NYI : Not yet implemented list Which features are implemented in each of the major libraries are JIT-compiled text/html 2018-12-22T18:21:50+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:logtail?rev=1545483110&do=diff Log Tailing Log tailing can be a useful source of enrichment information to be fed back into the Trisul streaming pipeline. It can be a little tricky to get right with LUA. Here is a technique that works with low volume 100s/events/second log entries. text/html 2024-06-04T16:58:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:quic?rev=1717500513&do=diff QUIC protocol analysis using the Trisul Scripting API QUIC (Quick UDP Internet Connection) is a protocol championed by Google to speed up web services by replacing the traditional TCP/HTTP network layer with a new UDP based protocol. QUIC is almost exclusively used by Google services right now like YouTube, but there is an IETF Internet Draft on it now text/html 2018-12-22T18:19:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:start?rev=1545482944&do=diff Getting started with Trisul LUA Scripting Using plain LuaJIT you can extend Trisul's functionality in a number of ways. Concepts Skeleton Lua scripts you can copy and fill out LUA Script selector - to help you pick the type of scripting API you need to use to accomplish a variety of tasks text/html 2018-12-22T18:32:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:strelka?rev=1545483735&do=diff Send extracted files from network to Strelka Strelka is a real time scalable file scanning framework. See <https://github.com/target/strelka> The following Trisul script builds a bi-directional interface between Trisul File Extraction and Strelka scanning. The script can be found here: text/html 2018-12-12T19:44:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:structure?rev=1544624089&do=diff How to structure your Trisul Lua apps A typical LUA app may contain several *.lua files some of them contain Trisul API and some others are supporting helpers. Check out the trisulnsm/apps repository to see how we have structured our apps. Use a helpers subdirectory text/html 2018-12-13T17:09:55+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.trisul.org/devzone/doku.php/lua:ua-parser?rev=1544701195&do=diff HTTP User-Agent based analytics using the UA-Parser project User-Agent strings are notorious for minor variations that make it hard to use them to categorize browsers, devices, and OS. The UA-Parser Core project maintains a giant Regex file that you can use to extract these elements.