Network Behavior Anomaly Detection (NBAD)
NBAD is a suite of application-layer and behavioral dashboards built into Trisul Network Analytics. It goes beyond raw traffic volume by providing deep visibility into how your network is being used, surfacing encrypted tunnels, peer-to-peer abuse, TCP health, HTTP activity, and protocol breakdowns in a single unified menu. The solution combines flow analytics, Layer 7 visibility, behavioral monitoring, traffic investigation, and alerting capabilities through a collection of Trisul Apps and dashboards.
NBAD Menu Overview
The NBAD menu is accessible from the left navigation sidebar. It groups the following dashboards:
| Dashboard | What it shows |
|---|---|
| Layer 7 Metrics | Application-layer breakdown: top apps, SNIs, TLS Root CAs, DNS traffic |
| HTTP Traffic | HTTP method, status code, content type, host, and URL-level visibility |
| IPv4 / IPv6 Dashboard | Side-by-side breakdown of IPv4 vs IPv6 host and application activity |
| Tunnels | Detection of encapsulated and tunneled protocols |
| DDoS Metrics | DDoS attack detection and analysis |
| P2P Analytics | Peer-to-peer traffic: BitTorrent, Tor, Gnutella, eMule, and more |
| TCP Analyzer | TCP health metrics: latency, retransmissions, timeouts, poor-quality flows |
| Flow Map | Live geographic map of network session flows |
| MITRE ATT&CK | Network activity mapped to MITRE ATT&CK techniques |