25-Apr-2018 Versions: Hub 6.5.2803, Probe 6.5.2883, Web 6.5.2127

New Major Release Trisul 6.5
Trisul 6.5 gets even better with our latest update. Monitor very high traffic loads with more stability and faster queries.

Release details

  • NEW: Bottom-K added to all counters. Added to Retro Counters screen as well
  • NEW: Flows now have microsecond timestamps, can be optionally turned off to save storage
  • NEW: IPv6, MDNS, PTR record resources
  • NEW: ERSPAN support to enable remove packet capture mode for Trisul
  • API: LUA setFlowAttribute added to API
  • API: LUA RE2 regex methods and options added
  • STABILITY: Fixed an issue with message monitor stream, which can cause deadlock in high load
  • STABILITY: Fixed a potential crash, prevent Flow stream events outside of flow context, by resetting the flow object to nullptr
  • STABILITY: Filters prevented from doing flow stream metrics like addflowcoutner outside of flow context.
  • FEAT: Bulkping : New tool to monitoring thousands of endpoints for reachability
  • PERF: Major perf update, stream message sponge algorithm change, advanced only by 1sec to prevent deadlock.
  • PERF: Previous sponge logic can cause deadlock at very high loads. Now solved.
  • FEAT: SFLOW use sampledPacketSize directly
  • FEAT: Streaming analytics RAT monitor, now we have per-queue drop stats
  • FEAT: URL Category now also uses SNI to classifiy sites
  • FEAT: NetBIOS IP Resolver allow hyphens in names
  • FEAT: Flow Database version update to allow microseconds in flow timestamps (start and end), optional to turn off to save space
  • BUGFIX: Flow tracker was not correctly resolving netflow interface names , guid had a lower case char
  • BUGFIX: Memory leak fixed in CounterItemRequest (with dbz/trfz yield)
  • BUGFIX: Due to lack of checking for interval_id , Cattrf infinite loop bug. fixed now.
  • FEAT: QuerySessions Parallel query support added (MRMT)
  • FEAT: TRPD Parallel Query for All : New option in trisulHubConfig.xml “Server>ParallelQueries”
  • BUGFIX: CacheBuild caused ONE datapoint loss per day at midnight, off by one in loop. Fixed.
  • BUGFIX: Migration ConfigDB BottomNCount error due to “no data to read” error
  • NEW: Brand new Time Range selector added to add screens
  • NEW: Progress bar added to all dashboards and long running query forms
  • NEW: Netflow Router Interface resolver screen redesigned,
  • NEW: Netflow interface drilldown Real time transmit and receive
  • NEW: RealTime interface utilization with all in one view(traffic,host,app,flows)
  • FEAT: Key space explorer , you can now enter in CIDR format. Eg instead of
  • NEW: If SNMP available, Live chart added to Netflow Interfaces due to cust demand/usage
  • FEAT: All Flow screens updated to show Microseconds for flow duration
  • FEAT: InitDB done on 1st raw install by webtrisul.
  • FEAT: HTTPS fixes, previously webtrisulssld was not working with the Real Time Websockets features
    + 100s of other small UI tweaks and fixes.

Graph Analytics

Discover hidden networks

Save hours trying to hunt down X:Y relationships using older hunting techniques

Distributed Probes/Hub

Deploy multiple Trisul-Probes

Management CLI tools included

Comprehensive new LUA API

Fully scriptable platform

Use plain Lua language

File extraction, TCP reassembly, and a dozen other hooks

Older releases

21-Jan-2018 Versions: Hub 6.5.2790, Probe 6.5.2866, Web 6.5.2107

New Major Release Trisul 6.5
We aimed for Release 6.5 to be the easiest way to deploy Network Security Monitoring and Traffic analytics in your network. Tons of new features and across the board improvements in performance, stability, and usability.

Release details

New Features
  • New Docker Image released. All included NSM image ready to go.
  • Bottom-K real time stacking option for any meter in any counter group
  • Support very high resolutions for metrics. Tested with 1 sec and 100msec.
  • Real Time Flow Monitoring much improved
  • DNS resource now captures TXT,NS,MX,CNAME for every request and response.
  • HTTP URL resources now captures request response with other metadata in a single resource
  • Bulk PING tool latency measurement and up/down tracking and alerting
  • Attach any number of new “key attributes” to a key. Eg, User-Agents to hosts
  • FTS (full text search) in HTTP Headers, SSL Certs now lets you see related documents in flow
  • NETFLOW: Click on interface to see apps, hosts, flows in real time.
  • If TShark is installed on the Hub Node, View PCAP Headers adds TShark summary line automatically.
Performance and Miscellaneous fixes
  • PCAP retrieval now shows upto 70% improvement in speed due to better indexing of blocks
  • File Extraction. MD5 was being generated for even those files not being extracted
  • EDGE streaming Graph analytics now allows filter by vertex groups for less clutter
  • LUA API – new set_key_attribute(..) method.
  • PDF Reports now have better graphics at 300 DPI
  • Major performance improvements due to better indexing of packets, up to 50% improvement
  • BadFellas (Intel Plugin) now adds Ransomware and SSL Certificates blacklists.
New Apps
  • NEW APPS : The following new Trisul Apps have been released.
    • TLS Fingerprint (JA3 hash),
    • FireHOL blacklist checker.
    • Security Overview Dashboard.

for full release notes, check out our Forum announcement

10-Sep-2017 Trisul-Hub 6.0.2788, Trisul-Probe 6.0.2844 Web 6.0.2038

HILITE Streaming Graph Analytics

The latest release of Trisul 6.0 brings practical graph analytics capabilities to your organization. All parts included.

Release details

  • New : TRISUL EDGE – Graph Analytics
  • New : TRISUL EDGE – Discover hidden networks by simply clicking and expanding
  • New : Roll out a network of probes and manage them from central location
  • New : Metrics from multiple probes can be stored as ‘layers’ in our MR DB
  • New : Fast packet retrieval from remote probe locations
  • New : CURVEMQ based security of Probe-Hub-Web domain
  • New : New concept of ‘domain’ introduced
  • New : trisulctl_hub CLI tool to administer Trisul Domain Network
  • New : trisulctl_probe CLI tool to admin the probe
  • Much easier now to create new contexts, import PCAP dumps
  • Extensive new optimized LUA JIT hooks into Trisul core engine pipelines
  • New : Powerful file reassembly you can control from LUA
  • New : Aysnc execution of LUA tasks from fast packet pipeline support
  • New : UI split into admin and user roles. (for cloud & SOC use cases)
  • New : LDAP login integration
  • Open framework for your own alert types, and resource types
  • Backend pipelines also opened up – export everything to ElasticSearch or Splunk
  • Optimizations to query and DB – can handle tens of billions of flows & stats
  • Optimizations to query and DB – can handle tens of billions of flows & stats
  • Open UI framework – write D3.js scripts that directly pull from Trisul backend DB
  • Much faster ; over 80% faster charts that span a month or more
  • Over 300+ bugs and improvements since our last release
  • Tons of improvements & bug fixes