
Trisul Network Metering and Forensics
A monitoring centric approach to network security
Trisul is a Linux based 24x7 system that dramatically enhances visibility into your current and historical network traffic. It allows security teams to work more efficiently by performing the tedious work of correlating traffic statistics with flow activity, security alerts, and raw packet data.

Long term fine grained statistics

Quickly pull up long term reports of 100+ metrics across dozens of groups such as Hosts, Applications, Network, Link Layer activity, Subnets, etc. Track millions of items in each group over months.


Tightly correlated information aids incident investigation

Investigating a traffic spike? Drill down to the contributing hosts, then sideways to applications, then down to flows and alerts. Finally, isolate and pull up the raw packets.

Zero data loss helps retrospective analysis

Missing that crucial piece of information just when you need it? Summarized data is sure to let you down. Trisul stores data unsummarized, yet serves up impressive performance.

Alerting on session activity and usage parameters

Notifies you of usage threshold crossings or suspicious user activity.

Linux based cost effective solution

Trisul is available on Linux as a self-contained software solution. No expensive third party databases are required.
 

Key Features

  • CentOS/Fedora 32/64-bit solution
  • Intuitive Web GUI
  • Consumes raw packets (for full feature set) or Netflow
  • Zero loss correlation of statistics with flows, content, alerts, resources
  • Optimized content storage policies
  • Create your own metering policies
  • Over 100 meters enabled out of the box
  • Emailed PDF reports and threshold crossing alerts
  • User permission levels

Applications

You can deploy a subset of features to best match your particular security application. Some typical combinations are:

Network bandwidth monitoring

(Content, sessions, and alerts disabled)

Provides multiple levels of insight into network utilization: utilization patterns over time, topper lists, retrospective analysis, flexible user-defined metering, threshold alerting and emailed reports.

Extrusion monitoring

(Content and alerts disabled)

You get all the benefits of bandwidth monitoring, plus flow knowledge. You can drill down to exactly what a station was doing at any point in the past. With flow trackers, you can set up alerts when suspicious extrusion activity occurs.

Full blown security monitoring

(Everything turned on)

All the benefits of statistics and flows, plus the ability to pull up the actual packets for deep analysis.