We are excited to announce the availability of Trisul Network Metering and Forensics. We believe this product will elevate network monitoring for both security and performance applications to a new level. Trisul tightly integrates traffic monitoring with flow analysis and raw packet archives. You can even add in alert data from intrusion detection systems, which is then immediately integrates with the other types of data. With everything enabled, Trisul enables you take implement the so called Network Security Monitoring discipline in your organization.
Trisul can be used in the areas of
- Network monitoring
- Security monitoring
- Incident response
- Retrospective analysis
- Network forensics
- Custom research of past traffic data sets
Key features include the following
Trisul measures over 120 traffic statistics at all layers in your network. These include simple statistics like Host Traffic, Host Connections, MAC Traffic to complex ones like Traffic by HTTP Content Type, Flow creation rate. You can create your own counting policies by a powerful rule based method. These traffic stats are stored unsummarized for long term storage in a format designed for quick reporting. In fact, you can use Trisul with only metering enabled and still get one of the best traffic monitors available today.
Includes a powerful bi-directional flow generator which stores every flow seen in a high performance data store. You can store billions of flows over months and still get a great response. The flow store is integrated with the metering information, alerts, and raw packets so you can jump from one to the other. Another key Trisul innovation is a flow tracker - which is a snapshot of interesting flows taken every 10 minutes.
A high performance flexible packet storage engine is the backbone of the Trisul forensics subsystem. You can apply a set of policies to include, exclude, or flow cap (eg: only store 10MB per flow) raw packets storage. The packets are encrypted before they are written to disk for added security. Trisul includes powerful tools to retrieve raw packets in tcpdump format or to play them back for deeper analysis using a feature we call "Cross Drill".
Trisul can accept IDS alerts and integrate them with the other types of data. Alerts and signatures turn into another type of meter. You can view alert trends, group and query alerts, pull up related flows, or get the pcap of the alert flow. Trisul also supports malware alerts from a plugin called Badfellas, threshold crossing alerts, and flow tracker alerts.
Web and Script interface
All interactions are via a powerful web interface with completely configurable dashboards, users, and permissions. You also get advanced features like PDF reporting, and emailing reports. For the serious researcher we offer a remote scripting interface called Trisul Remote Protocol. This allows you to query and retrieve data from Trisul using a language like Ruby.
Trisul is a high performance, multi core enabled server designed to deliver top notch performance. It can run on your hardware and does not require expensive database of third party licenses. This makes Trisul very reasonable to own and operate without compromising on performance or scale. We want Trisul to run on as many networks as possible - so we also offer a free license. See next section.
Free for a 3-day rolling window
You can download Trisul and run it completely free. No nags or crippled functionality. However, only the most recent 3-days are available for analysis in the free version. You can remove that restriction by purchasing a key - which is really affordable.
Further links :
You can read more about Trisul from the product page
You can register and download the latest Ubuntu 10.04 or Centos 5.5 64-bit images from the product page
Check out our recent blog posts on Trisul
Read product documentation