Analysis Tools Reference
Trisul offers a suite of tools, which are specialized utilities designed to analyze, process, and act upon network data, including packets, flows, and logs. These tools serve various purposes, such as extracting insights, detecting issues, and taking actions.
The following tools have already been comprehensively documented, with detailed information on their functionality and configuration. Click on any tool to explore it.
Moving forward, this guide will explore the remaining undocumented tools within the Trisul platform.
📄️ Explore Flows
Explore Flows is a powerful, fast, and general-purpose search tool designed for in-depth inspection and analysis of network traffic flows. This comprehensive feature enables users to scrutinize individual network flows, examine packet-level and netflow data, and identify potential security threats or performance issues.
📄️ Aggregate Flows
The Aggregate Flows tool enables you to query network flow data and displays summarized statistical information for each unique tuple. The output is presented in a tabular format, with separate tables for each parameter (tuple fields like source IP, source port, destination IP, etc.), providing a comprehensive view of the aggregated data.
📄️ Long Term Traffic
The Long Term Traffic Tool in Trisul allows you to analyze and visualize network traffic patterns of a particular item over extended periods, typically weeks, months, or even years. This feature is also available on the Module templates if you would like to monitor long term traffic of a particular item on a regular basis.
📄️ Monthly Charts
Monthly charts in Trisul are a calendar-based data visualization in which you can view daily aggregated network traffic data for specific meters and items on a calendar interface.
📄️ Payload Search
PCAP Mode Only
📄️ Search Key Space
The Search Key Space tool allows you to search for activity for a range of keys lying within a certain lexicographic key space. The most useful application of this is to search for all activity within arbitrary IP network blocks.
📄️ Rule Builder
The Rule Builder is a powerful tool designed to help you create, manage, and deploy custom rules for various applications, including flow taggers, custom metering, etc. With the Rule Builder, you can define specific conditions to identify and act upon relevant data, streamlining your analysis.
📄️ The Bucketizer
Overview
To access the complete toolset, navigate to the main menu in Trisul, where you will find the Tools option. Clicking on this option will reveal a dropdown menu listing all available tools, as shown in the figure.
Figure: Tools