Powerful alerting to drive your operations
Powerful visibility by itself isnt going to help your team. Trisul provides a powerful totally configurable alerting system to drive your team. The powerful LUA interface ensures that you can practically alert using any mechanism you want if the standard options dont fit you. Out of the box 5 different types of alerts are generated immediately upon installation.
Improve your response times
Different alert types ensure that you never miss out on important events in your network. A A flow related exfiltration alert is different from a statistical metric threshold crossing alert which is different from a signature based IDS alert. All alert types in Trisul include flexible email alerting options.
Threshold Crossing
When any metric value crosses fixed thresholds
- Based on meter values
- Above and below thresholds
- Set on any counter,meter, item
- FIRE and CLEAR conditions helps operators
Flow tracker
Large uploads, unusual uploads, long running remote desktops,
- Police flow activity
- Watch large uploads, downloads, long running flows,
- Set on any counter,meter, item
IDS/IPS alerts
Ingest signature based alerts and correlate with metrics and flows
- Integrate IDS alerts to flows, metrics, pcaps
- Investigate everything from one place
- Single click bulk PCAP from alerts
Threat alerts
Efficiently process hits on known threats
- Free with the badfellas plugin
- Match traffic against millions of known threats
- Includes must-have open feeds
- Scores impact to help you ignore noisy scanners
ML metric bands
Machine Learning creates bands of metric usage and detects outliers
- Continuous learning of metrics usage bands
- Training window spreads over five weeks
- Automatically alert on out of band activity of any metric
User alerts
General purpose alert group for your own use
- Create your own alerts via LUA
- A catch all alert group for events like failed DNS, failed SSH logins.
- Single click bulk PCAP from alerts