Trisul 2.2 now officially supports Ubuntu 32-bit builds. It is a result of user requests to make Trisul run on the Security Onion distro.
The following Trisul plugins which were previously only available on 64-bit platforms are now available for 32-bit Ubuntu as well.
- Badfellas - Compare your traffic against public blacklist and flag the baduns
- URLFilter - Your web traffic counted by News/Radio/Pron/Blogs/etc
- Geo – Traffic by country and ASN
How does Trisul fit in with the other tools in the distro
First of all, Security Onion is a complete and capable NSM distro out of the box. Trisul can run alongside all the other tools without disturbing your running configuration. Trisul introduces traffic monitoring and overlaps with some tools in terms of function. Trisul introduces no conflicts, just another choice for you to get to the data.
Lets take a quick look at the overlaps :
- Traffic – No overlap with any tool. Use Trisul to monitor traffic patterns in real time and historical.
- Flows – Overlaps with Argus. Trisul tracks and stores all TCP/UDP flows just like argus and includes ability to pull packets from any flow.
- Real time Alerts – Overlaps with SGUIL. Trisul however has no workflow to escalate events.
- Historical Alerts – Overlaps with Squert.
- Packets – Overlaps with Daemonlogger/Snort. Trisul is a bit more advanced in it lets you specify rules to cut down storage + encrypts on disk caps.
- HTTP URLs – Overlaps with httpry
- DNS names – No overlap
Trisul is completely free to monitor a most recent 3-day window. The model we are following is Splunk’s. Give a highly usable product away for free but leave enough on the plate for us to do this full time. There are no nags or any weird tricks.