You need the ability to extract, index, and save the higher-layer information elements that traverse your network; without it you cannot investigate these objects. Extracting higher-level information elements such as documents, downloads, TLS certificates, URLs and DNS information is a central part of full-spectrum network security monitoring.
Pull out and index higher level information elements
The lower layers of information transferred over the network are packets, flows, and protocol messages; Trisul monitors and stores these. The higher-level information elements are the actual files, TLS certificates, DNS questions and answers, HTTP URLs and headers, and the like. These are collectively called metadata. Trisul extracts these as well and stores them as text documents, so they can be searched easily as part of any investigation.
Files transferred over HTTP, FTP and SMTP, reconstructed and stored with their hashes
SSL/TLS certificate chains, deduplicated
HTTP request and response URLs
DNS requests and responses, fully decoded as in dig
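To make concrete what "extracting higher-level information elements" means in practice, here is an added illustration (not Trisul's code, and not taken from the page) of the three kinds of extraction listed above: carving a downloaded file out of a reassembled HTTP response and recording its hashes, deduplicating certificate chains by fingerprint so each certificate is stored once, and decoding a DNS response into dig-style records. All inputs are constructed inline; the certificate bytes are stand-ins for real DER certificates.

```python
"""Illustrative higher-layer metadata extraction (added example, not Trisul code):
carve an HTTP file and hash it, deduplicate a certificate chain, decode DNS."""
import hashlib
import struct

# Constructed HTTP/1.1 response carrying a small "download" (not real traffic).
SAMPLE_HTTP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b"hello world"
)

# Constructed stand-ins for DER certificates; a real chain is taken from the
# TLS Certificate handshake message. Two sessions share the same intermediate/root.
SAMPLE_CHAINS = [
    [b"leaf-cert-for-host-a", b"intermediate-ca", b"root-ca"],
    [b"leaf-cert-for-host-b", b"intermediate-ca", b"root-ca"],
]

QTYPES = {1: "A", 5: "CNAME", 28: "AAAA"}


def extract_http_file(raw: bytes) -> dict:
    """Split a reassembled HTTP response into headers and body, honour
    Content-Length, and return a searchable metadata record with hashes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of HTTP headers not found")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("ascii", "replace").lower()] = value.strip().decode("ascii", "replace")
    length = int(headers.get("content-length", len(body)))
    if len(body) < length:
        raise ValueError("body shorter than Content-Length (truncated capture)")
    body = body[:length]  # ignore any bytes beyond the declared length
    return {
        "status": lines[0].decode("ascii", "replace"),
        "content_type": headers.get("content-type"),
        "size": len(body),
        "md5": hashlib.md5(body).hexdigest(),
        "sha256": hashlib.sha256(body).hexdigest(),
    }


def dedupe_certificate_chains(chains):
    """Store each distinct certificate once, keyed by the SHA-256 fingerprint of
    its bytes; each chain becomes an ordered list of fingerprints."""
    store, chain_refs = {}, []
    for chain in chains:
        refs = [hashlib.sha256(der).hexdigest() for der in chain]
        for fp, der in zip(refs, chain):
            store.setdefault(fp, der)
        chain_refs.append(refs)
    return store, chain_refs


def _read_name(pkt: bytes, off: int):
    """Read a DNS name at `off`, following compression pointers (RFC 1035 4.1.4).
    Returns (dotted name, offset just past the name in the original position)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels) + ".", (end if end is not None else off)


def decode_dns(pkt: bytes) -> dict:
    """Decode header, question and answer sections into dig-style text lines."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = _read_name(pkt, off)
        qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append(f"{name} IN {QTYPES.get(qtype, qtype)}")
    for _ in range(an):
        name, off = _read_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == 5:
            value, _ = _read_name(pkt, off)
        else:
            value = rdata.hex()
        off += rdlen
        answers.append(f"{name} {ttl} IN {QTYPES.get(rtype, rtype)} {value}")
    return {"id": txid, "rcode": flags & 0xF, "question": questions, "answer": answers}


def build_sample_dns_response() -> bytes:
    """Constructed response: example.com A 192.0.2.1 (documentation address), TTL 300."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


if __name__ == "__main__":
    print(extract_http_file(SAMPLE_HTTP_RESPONSE))
    store, refs = dedupe_certificate_chains(SAMPLE_CHAINS)
    print(len(store), "distinct certificates for", len(refs), "chains")
    for line in decode_dns(build_sample_dns_response())["answer"]:
        print(line)
```

The records returned here are the kind of text an analyst later searches by hash, fingerprint or domain; a real extractor works on reassembled TCP streams and handles chunked encoding, additional record types and malformed input, which this sketch leaves out.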