Monitor whole objects

Metadata extraction

You need the ability to extract, index, and save any higher-layer information elements that traverse your network. Without this ability you cannot launch an investigation into these objects. Extracting higher-level information elements such as documents, downloads, TLS certificates, URLs, and DNS data is a central part of full-spectrum network security monitoring.

Pull out and index higher level information elements

The lower layers of information transferred over the network are packets, flows, and protocol messages. These are monitored and saved by Trisul. Higher-level information elements are the actual files, TLS certificates, DNS questions and answers, HTTP URLs, headers, and the like. These are called metadata. Trisul extracts these as well and stores them as text documents, so they can be searched easily as part of any investigation.

Files

Files transferred over HTTP, FTP, and SMTP are reconstructed and their hashes are stored.

SSL Certs

SSL certificate chains, stored with deduplication.

HTTP URLs

HTTP request and response URLs.

DNS records

DNS request and response records, fully decoded in the same form that dig shows them.
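As an added illustration of the extract, index, and search idea described above (example code written for this page, not Trisul's own implementation), the following Python sketch reconstructs a file body from a constructed HTTP response and indexes it by SHA-256 hash, deduplicates a certificate chain by fingerprint, records a decoded DNS answer, and then searches across the stored objects. All inputs are constructed sample data, and the certificate "DER" values are placeholders rather than real certificates.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample HTTP response (not real captured traffic); body is 12 bytes.
HTTP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\n"
    b"MZ\x90\x00fakeexe!"
)

@dataclass
class MetadataStore:
    """Searchable index of higher-level objects pulled out of traffic."""
    files: dict = field(default_factory=dict)  # sha256 -> {size, first_url}
    certs: dict = field(default_factory=dict)  # fingerprint -> DER bytes
    urls: list = field(default_factory=list)   # one entry per request/response
    dns: list = field(default_factory=list)    # decoded question/answer records

    def add_http(self, method, url, response):
        """Reconstruct the transferred file from the response and index its hash."""
        head, _, body = response.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get(b"content-length", b"0"))
        if len(body) < length:
            raise ValueError("truncated stream: file cannot be reconstructed")
        digest = hashlib.sha256(body[:length]).hexdigest()
        self.files.setdefault(digest, {"size": length, "first_url": url})
        self.urls.append({"method": method, "url": url, "sha256": digest})
        return digest
    def add_cert_chain(self, chain_der):
        """Store each certificate once, keyed by the SHA-256 fingerprint of its DER."""
        fingerprints = [hashlib.sha256(der).hexdigest() for der in chain_der]
        for fp, der in zip(fingerprints, chain_der):
            self.certs.setdefault(fp, der)
        return fingerprints
    def add_dns(self, qname, qtype, answers):
        self.dns.append({"qname": qname, "qtype": qtype, "answers": list(answers)})
    def search(self, term):
        """Free-text lookup across URLs and DNS names, as an investigator would run it."""
        hits = [u for u in self.urls if term.lower() in u["url"].lower()]
        return hits + [d for d in self.dns if term.lower() in d["qname"].lower()]

def build_demo_store():
    store = MetadataStore()
    store.add_http("GET", "http://example.test/update.bin", HTTP_RESPONSE)
    store.add_cert_chain([b"leaf-der", b"ca-der", b"ca-der"])  # placeholder DER bytes
    store.add_dns("example.test", "A", ["192.0.2.10"])
    return store
```

Indexing by content hash means a file seen again under a different URL is recognised as the same object, and the search returns every URL and DNS record that mentions the name under investigation.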