What can you do with Trisul

Trisul can be used in a number of applications.

Incident Response : Network security monitoring

The NSM (Network Security Monitoring) discipline focuses on collecting all data and providing the incident analyst with the maximum contextual information exactly when they need it. You can use Trisul to perform deep metering of traffic, monitor flows, store PCAPs and also accept IDS alerts via a Unix socket from Snort or Barnyard2. The alerts show up in Trisul, and from each alert you can pull up the associated flows and raw content. You can also write scripts to automate this data mining using the Trisul Remote Protocol together with a scripting language such as Ruby or Python.

Other interesting features:

Network Usage Monitor : Long term comprehensive and flexible metering at all layers

You can put Trisul's network metering to work by using it as a network bandwidth monitor. Over 100 statistics are tracked, from the link layer up. You can use threshold crossing alerts and custom rule-based metering to get an even more accurate view of network traffic. You can also set it up to email you daily PDF reports of network usage.

Offline analysis : Process terabytes of PCAP dumps

Trisul can import terabytes of PCAP dumps. The raw packets are analyzed for traffic statistics, flows are reconstructed and resources are extracted. You can then navigate the PCAP dump by drilling down or pivoting on various statistics and pulling up the raw packets for further analysis in Unsniff Network Analyzer or Wireshark. You can also automate the whole process. For example, you can write a script that asks: "Give me all the packets that were part of HTTP flows that requested a *.DLL resource."

Netflow Analyzer : High performance netflow analyzer

You can also send Netflow records to Trisul instead of raw packets. Trisul computes global network meters based on these flows. Advanced policies allow you to customize Trisul for an ISP scenario. As a high performance, multi-threaded native server, Trisul can easily process flow rates of 50K flows / sec.
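The offline-analysis section describes a drilldown that a script can automate: start from extracted HTTP resources, pivot to the flows that carried them, then pull the packets of those flows. The script below is an added illustration of that pivot logic, not code from Trisul or from the Trisul Remote Protocol, and it does not use Trisul's API. It assumes three record sets that such an export could provide (HTTP resource records keyed by flow id, a flow table, and per-packet records tagged with their flow id); the field names and the sample records are constructed for the example.

```python
"""Pivot from HTTP resource records to flows to packets (constructed example).

Assumed input shape (not Trisul's schema): every HTTP resource record, flow and
packet carries a shared flow id, which is the join key for the drilldown.
"""
import fnmatch
import posixpath
from urllib.parse import urlsplit

# Constructed sample data standing in for an exported resource/flow/packet set.
HTTP_RESOURCES = [
    # (flow_id, method, host, request_uri)
    ("f1", "GET", "cdn.example.test",   "/lib/update.DLL"),
    ("f2", "GET", "www.example.test",   "/index.html"),
    ("f3", "GET", "files.example.test", "/tools/helper.dll?ver=2"),
    ("f4", "GET", "www.example.test",   "/downloads/readme.dllx"),
]

FLOWS = {
    # flow_id: 5-tuple-ish summary
    "f1": {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 80},
    "f2": {"src": "10.0.0.5", "dst": "203.0.113.11", "dport": 80},
    "f3": {"src": "10.0.0.7", "dst": "203.0.113.12", "dport": 8080},
    "f4": {"src": "10.0.0.9", "dst": "203.0.113.11", "dport": 80},
}

PACKETS = [
    # (flow_id, timestamp, wire_length)
    ("f1", 1.00, 60), ("f1", 1.05, 1500), ("f1", 1.10, 1500),
    ("f2", 2.00, 60), ("f2", 2.02, 420),
    ("f3", 3.00, 60), ("f3", 3.20, 900),
    ("f4", 4.00, 60), ("f4", 4.10, 300),
]


def resource_filename(request_uri):
    """Return the last path component of a request URI, ignoring query/fragment.

    '/tools/helper.dll?ver=2' -> 'helper.dll'. Matching on the bare filename
    keeps a query string like '?x=a.dll' from producing a false hit.
    """
    path = urlsplit(request_uri).path
    return posixpath.basename(path)


def flows_requesting(resources, pattern="*.dll"):
    """Flow ids whose HTTP request fetched a resource matching the glob.

    The comparison is case-insensitive, so 'update.DLL' and 'helper.dll'
    both match '*.dll' while 'readme.dllx' does not.
    """
    wanted = pattern.lower()
    return {
        flow_id
        for flow_id, _method, _host, uri in resources
        if fnmatch.fnmatchcase(resource_filename(uri).lower(), wanted)
    }


def packets_for_flows(packets, flow_ids):
    """Second pivot: every packet that belongs to one of the selected flows."""
    return [pkt for pkt in packets if pkt[0] in flow_ids]


def dll_request_packets(resources=HTTP_RESOURCES, packets=PACKETS):
    """The whole question: all packets of HTTP flows that requested a *.DLL."""
    return packets_for_flows(packets, flows_requesting(resources, "*.dll"))


def describe(flow_ids, flows=FLOWS):
    """Human-readable summary of the selected flows, for the analyst's report."""
    return [
        f"{fid}: {flows[fid]['src']} -> {flows[fid]['dst']}:{flows[fid]['dport']}"
        for fid in sorted(flow_ids)
    ]


if __name__ == "__main__":
    hits = flows_requesting(HTTP_RESOURCES)
    for line in describe(hits):
        print(line)
    print(f"{len(dll_request_packets())} packets selected for export")
```

In a real deployment the three constructed tables would be replaced by whatever the resource, flow and packet queries return; the join on a shared flow id and the case-insensitive filename match are the parts that carry over. DLLs fetched over HTTP are a natural pivot for a defender because they are executable content that rarely belongs in normal browsing, and the selected flows can be handed to Wireshark or Unsniff for inspection.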
