21-Jan-2018 Versions: Hub 6.5.2790, Probe 6.5.2866, Web 6.5.2107

New Major Release Trisul 6.5
We aimed for Release 6.5 to be the easiest way to deploy Network Security Monitoring and traffic analytics in your network. It brings tons of new features and across-the-board improvements in performance, stability, and usability.

Release details

New Features
  • New Docker image released: an all-included NSM image, ready to go.
  • Bottom-K real time stacking option for any meter in any counter group
  • Supports very high resolutions for metrics. Tested with 1 sec and 100 msec.
  • Real Time Flow Monitoring much improved
  • DNS resource now captures TXT, NS, MX, CNAME for every request and response.
  • HTTP URL resources now capture request and response with other metadata in a single resource
  • Bulk PING tool latency measurement and up/down tracking and alerting
  • Attach any number of new “key attributes” to a key, e.g., User-Agents to hosts
  • FTS (full text search) in HTTP Headers, SSL Certs now lets you see related documents in flow
  • NETFLOW: Click on interface to see apps, hosts, flows in real time.
  • If TShark is installed on the Hub Node, View PCAP Headers adds TShark summary line automatically.
Performance and Miscellaneous fixes
  • PCAP retrieval now shows up to 70% improvement in speed due to better indexing of blocks
  • File extraction: MD5 was being generated even for files that were not being extracted
  • EDGE streaming Graph analytics now allows filter by vertex groups for less clutter
  • LUA API – new set_key_attribute(..) method.
  • PDF Reports now have better graphics at 300 DPI
  • Major performance improvements due to better indexing of packets, up to 50% improvement
  • BadFellas (Intel Plugin) now adds Ransomware and SSL Certificates blacklists.
New Apps
  • NEW APPS : The following new Trisul Apps have been released.
    • TLS Fingerprint (JA3 hash)
    • FireHOL blacklist checker
    • Security Overview Dashboard

For full release notes, check out our Forum announcement.

Graph Analytics

Discover hidden networks

Save hours trying to hunt down X:Y relationships using older hunting techniques

Distributed Probes/Hub

Deploy multiple Trisul-Probes

Management CLI tools included

Comprehensive new LUA API

Fully scriptable platform

Use plain Lua language

File extraction, TCP reassembly, and a dozen other hooks

Older releases

10-Sep-2017 Trisul-Hub 6.0.2788, Trisul-Probe 6.0.2844 Web 6.0.2038

HILITE Streaming Graph Analytics

The latest release of Trisul 6.0 brings practical graph analytics capabilities to your organization. All parts included.

Release details

  • New : TRISUL EDGE – Graph Analytics
  • New : TRISUL EDGE – Discover hidden networks by simply clicking and expanding
  • New : Roll out a network of probes and manage them from central location
  • New : Metrics from multiple probes can be stored as ‘layers’ in our MR DB
  • New : Fast packet retrieval from remote probe locations
  • New : CURVEMQ based security of Probe-Hub-Web domain
  • New : New concept of ‘domain’ introduced
  • New : trisulctl_hub CLI tool to administer Trisul Domain Network
  • New : trisulctl_probe CLI tool to admin the probe
  • Much easier now to create new contexts, import PCAP dumps
  • Extensive new optimized LUA JIT hooks into Trisul core engine pipelines
  • New : Powerful file reassembly you can control from LUA
  • New : Async execution of LUA tasks from fast packet pipeline support
  • New : UI split into admin and user roles. (for cloud & SOC use cases)
  • New : LDAP login integration
  • Open framework for your own alert types, and resource types
  • Backend pipelines also opened up – export everything to ElasticSearch or Splunk
  • Optimizations to query and DB – can handle tens of billions of flows & stats
  • Open UI framework – write D3.js scripts that directly pull from Trisul backend DB
  • Much faster: over 80% faster charts that span a month or more
  • Over 300 bug fixes and improvements since our last release
  • Tons of improvements & bug fixes

3-Jun-2017 Trisul-Hub 6.0.2768, Trisul-Probe 6.0.2806 Web 6.0.2010

HILITE Distributed Probe / Hub architecture

Trisul 6.0 is our largest release to date. Trisul is now not only a solution that offers powerful features out of the box, but also a platform that allows talented security teams to build their own tooling on top of it.

New packages released : Jun-3-2017. Free download from https://trisul.org/download

Release details

  • New : Complete rearchitecting of Trisul as a distributed Probe+Hub model
  • New : Packages split into Trisul-Probe, Trisul-Hub, Web-Trisul
  • New : Roll out a network of probes and manage them from central location
  • New : Metrics from multiple probes can be stored as ‘layers’ in our MR DB
  • New : Fast packet retrieval from remote probe locations
  • New : CURVEMQ based security of Probe-Hub-Web domain
  • New : New concept of ‘domain’ introduced
  • New : trisulctl_hub CLI tool to administer Trisul Domain Network
  • New : trisulctl_probe CLI tool to admin the probe
  • Much easier now to create new contexts, import PCAP dumps
  • Extensive new optimized LUA JIT hooks into Trisul core engine pipelines
  • New : Powerful file reassembly you can control from LUA
  • New : Async execution of LUA tasks from fast packet pipeline support
  • New : UI split into admin and user roles. (for cloud & SOC use cases)
  • New : LDAP login integration
  • Open framework for your own alert types, and resource types
  • Backend pipelines also opened up – export everything to ElasticSearch or Splunk
  • Optimizations to query and DB – can handle tens of billions of flows & stats
  • Open UI framework – write D3.js scripts that directly pull from Trisul backend DB
  • Much faster: over 80% faster charts that span a month or more
  • Over 300 bug fixes and improvements since our last release