Trisul Network Analytics Feature Tour

Trisul Network Analytics is a integrated platform for monitoring your network traffic from multiple angles.  Trisul presents our customers with a reliable source of truth for any visibilty, detection, or investigation application.  Check out the quick feature tour below to find out more about how we do it.

Network Traffic Monitoring

Start tracking hundreds of metrics to understand your network

The first thing you notice when you deploy Trisul Network Analytics is the sheer number of metrics you are able to see.  In just a few minutes you will understand your network traffic from multiple angles such Layer2 , IP, TCP, application, flow, perspective. This is essential to build a baseline model of your network traffic. Once you get a solid baseline in place, you can use our extensibility features to fine tune the monitoring.

Build a rock solid network traffic baseline

Basic monitoringAll the common metrics you are used to seeingBandwidth charts, Top Hosts, Top Applications
Layer 2Keep an eye on your link layer Ethernet metrics, MAC, MAC pairs, broadcast, multicast, ARP, VLAN monitoring
Network LayerOver 100 counters to keep an eye on IP trafficIPv4 hosts and applications by volume, flows, connections, active connections, TCP,UDP metrics, Latency, RTT, Retrans, SYN monitoring etc
Upper layersApplication layerDNS, HTTP types, monitoring, BGP, Netflow, Geo location, threats, etc
EncryptedDon't fret, we've got full encrypted monitoring tooTrack TLS ciphersuits, certificate types, issuers, root CA, algorithms. Client fingerprinting (JA3), SSH, SNI, etc
AdvancedAdvanced metrics give you more ..Top-K, Bottom-K, Time Series, Cardinality (Unique X of Y), Metric flows (Track X cross Y), flow tracking


Flows provide the master data exchange record

A flow is a unit of data exchange between two endpoints. Trisul tracks all flows either by reconstructing packets or by directly accepting Netflow like feeds. The flow stream in turn generate further metrics, such as Number of Active Flows per Host. Solve common flow query problems like long term queries for common patterns by using Flow Trackers or add any tag using Flow Taggers.


Packet storage

PCAPs or it didnt happen. It is a common theme in network analysis. Today's security and network analysts demand to see packets to close investigations. Trisul tucks away raw packets as they are being monitored and indexed them for later forensics usage. The challenge of doing this at scale has been solved using flexible rules to just keep the traffic you really need.


Integrate with IDS alerts coming off third party systems

Intrusion detection is still a must have weapon in your defensive arsenal. Trisul supports a side stream of alert events from IDS such as Suricata or other IPS, FIrewalls. This stream enriches the main pipeline processing. So you can do fun workflows like ``Show me all flows that had a Major alert , then pull out a PCAP of those``.


Collect and search of richer information exchanges

Metadata consists of documents pulled out of network traffic by Trisul. These include SSL Certificates, DNS Records, URLs visited along with the Params, any files transferred. With these you can run long term queries that would be prohibitively expensive from packets.


Explore relationships between metrics effortlessly using Trisul EDGE

Trisul EDGE is a feature set that provides graph analytics capabilities. While building the metrics pipeline Trisul also creates a new stream of Edges and Vertices. These are reassembled into full graphs. They help you explore relationships. If you see a SHA1 certificae metric you can open up the graph and explore which Organization uses it, which IP addresses transferred data with it, then expand the IP themselves to pull out the flows, and so forth. A very powerful feature that pulls everything together.

Minimize blind spots with hi-res monitoring

Do you know that you saw a never before seen TLS Certificate type today? Do you even know how much of your traffic is TLS 1.3 vs older versions? Do you know how many internal hosts are active at the moment?   These are blind spots you get when you deploy legacy monitoring tools. Trisul runs your packets and netflows through a real time streaming analytics pipeline containing dozens of analytics algorithms which pull out hundreds of such metrics.  You can write your own analytics using our LUA API too.

Tech highlights

Trisul integrates a number of network monitoring technologies on a single platform.  Find out in which class of products comparable features can be found.



Compared to other network monitoring solutions

Available as software package, Docker image, hardware appliance

Common in other tools too

Basic traffic monitoring like bandwidth usage , top IPs, apps

Usually found in SNMP based tools

Advanced metrics across Layer 2 to Layer 7

No comprehensive solution. Some tools generate limited visibility from logs.

Open APIs

Trisul is the only product offering an fully open API for analytics and queries

Integrated packet storage

Usually found in standalone appliances in a different platform

Large scale data handling and lossless historical queries

Most offererings roll up timeseries metrics and truncate full flow storage to keep their database size compact.

Deep Integrations with IDS/IPS/Firewall logs enrich the metrics and flows.

Usually standalone products, integrations may be limited to viewing on a single dashboard.

Graph Analytics

Not found in other network monitoring products today

Large scale Netflow/SFLOW monitoring

Commonly found as add-on modules to basic enterprise SNMP monitoring solutions.

Trisul includes eveything you need including a purpose built database backend and runs on Linux

May have to acquire OS and database licenses separately

Get Trisul Now !

Download Trisul with FREE PACKAGES