Trisul Remote Protocol
Write reusable scripts to automate network traffic and security monitoring tasks
A sample of the things you can do:
- Top applications between 8AM and 5PM yesterday
- Pull all DNS packets from a specific IP
- List all flows for an IP
- Get PCAPs of all High priority alerts yesterday
- List all flows for all internal IPs that generated alerts
- Get 30-second traffic stats for any item across more than 100 meters
This short step-by-step tutorial explains how to get a Ruby script running and exchange a simple HelloMessage with the Trisul server.
Ready-to-use sample code to get you started (Ruby).
GitHub: there is a new GitHub repo, trisul-samples, with more samples.
Find all HTTPS connections for a particular host, then extract the first 20K bytes of each flow. Finally, use the Unsniff API to print the certificate chain for each connection.
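As an added example (not code from the Trisul tutorials, the trisul-samples repo, or the Unsniff API), here is plain Ruby that does the certificate-chain step of the HTTPS sample on the flow bytes themselves: it walks the TLS records at the start of the server-to-client stream, reassembles the handshake, and pulls every DER certificate out of the Certificate message. The flow is constructed inside the script from two self-signed certificates generated in-process, so it runs offline; on a real flow you would feed extract_certificate_chain the 20K-byte payload you pulled for the connection. All function names are this example's own. It applies to TLS 1.2 and earlier, where the Certificate message is sent in the clear; in TLS 1.3 the chain is encrypted and the parser returns nothing.

```ruby
require 'openssl'

# Encode/decode the 3-byte big-endian lengths TLS uses inside handshake messages.
def u24_enc(n)
  [n].pack("N").byteslice(1, 3)
end

def u24_dec(s)
  ("\x00".b + s).unpack1("N")
end

# A self-signed certificate standing in for one link of a server's chain
# (generated here so the example runs offline; not a real site certificate).
def make_self_signed(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Wrap a handshake body in a handshake header (1-byte type + 3-byte length).
def handshake_msg(type, body)
  [type].pack("C") + u24_enc(body.bytesize) + body
end

# Split a handshake byte stream into TLS records (content type 22) of at most
# max bytes, as a real server does when the chain is larger than one record.
def tls_records(handshake_bytes, max = 512)
  out = "".b
  off = 0
  while off < handshake_bytes.bytesize
    chunk = handshake_bytes.byteslice(off, max)
    out << [22, 0x0303, chunk.bytesize].pack("Cnn") << chunk
    off += chunk.bytesize
  end
  out
end

# Constructed server-to-client flow: a ServerHello followed by a Certificate
# message carrying the given DER chain, split across several records.
def build_sample_flow(ders)
  server_hello = [0x0303].pack("n") + ("\x00" * 32).b + "\x00".b + [0xc02f].pack("n") + "\x00".b
  entries      = ders.sum("".b) { |d| u24_enc(d.bytesize) + d }
  certificate  = u24_enc(entries.bytesize) + entries
  tls_records(handshake_msg(2, server_hello) + handshake_msg(11, certificate))
end

# Walk the TLS records at the start of a flow, reassemble the handshake stream
# and return the certificates found in the Certificate message (TLS 1.2 and
# earlier). Tolerates a capture cut off mid-chain: complete certificates are
# returned and the cut-off one is dropped instead of raising.
def extract_certificate_chain(bytes)
  handshake = "".b
  pos = 0
  while pos + 5 <= bytes.bytesize
    ctype, _version, len = bytes.byteslice(pos, 5).unpack("Cnn")
    payload = bytes.byteslice(pos + 5, len) || "".b
    break unless ctype == 22         # stop at the first non-handshake record
    handshake << payload
    break if payload.bytesize < len  # record truncated by the capture limit
    pos += 5 + len
  end

  certs = []
  hpos = 0
  while hpos + 4 <= handshake.bytesize
    htype = handshake.getbyte(hpos)
    hlen  = u24_dec(handshake.byteslice(hpos + 1, 3))
    body  = handshake.byteslice(hpos + 4, hlen) || "".b
    if htype == 11 && body.bytesize >= 3
      cpos = 3                       # skip the 3-byte total length of the entry list
      while cpos + 3 <= body.bytesize
        clen = u24_dec(body.byteslice(cpos, 3))
        der  = body.byteslice(cpos + 3, clen)
        break if der.nil? || der.bytesize < clen  # entry cut off by the capture limit
        certs << OpenSSL::X509::Certificate.new(der)
        cpos += 3 + clen
      end
    end
    break if body.bytesize < hlen
    hpos += 4 + hlen
  end
  certs
end

if __FILE__ == $0
  leaf = make_self_signed("www.example.test")
  ca   = make_self_signed("Example Test CA")
  flow = build_sample_flow([leaf.to_der, ca.to_der])
  extract_certificate_chain(flow).each_with_index do |c, i|
    puts "#{i}: subject=#{c.subject} issuer=#{c.issuer} sha256=#{OpenSSL::Digest::SHA256.hexdigest(c.to_der)}"
  end
end
```

The record loop reassembles before parsing because a server chain of a few kilobytes routinely spans more than one TLS record, and the per-entry length checks are what keep a 20K-byte cutoff from turning into an exception halfway through a long chain.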
Print HTTP URLs seen by Trisul over a recent time interval. This is a step-by-step tutorial that also explains how to work with IPs and hostnames.
View the top 100 flows for an IP in a time window.
Get all SMTP and DNS packets from the last hour as a PCAP.
Print the amount of data transferred per hour by any item such as an application, host, or MAC address. The output covers a month's worth of data and is incremental. This script shows how to work with traffic statistics.
Print the top applications over the entire time interval.