Trisul Remote Protocol

Write reusable scripts to automate network traffic and security monitoring tasks

A sample of the things you can do:

  • Top applications between 8AM and 5PM yesterday
  • Pull all DNS packets from a specific IP
  • List all flows for an IP
  • Get PCAPs of all High priority alerts yesterday
  • List all flows for all internal IPs that generated alerts
  • Get 30-second traffic stats across more than 100 meters for any item

Code samples

Ready to use sample code to get you started (Ruby).

GitHub: we have a new GitHub repo, trisul-samples, with more samples.

csx.rb

Find all HTTPS connections for a particular host, then extract the first 20K bytes of each flow. Finally, use the Unsniff API to print out the certificate chain for each connection.

print_resources.rb

Print HTTP URLs seen by Trisul over a recent time interval. This is a step-by-step tutorial that also explains how to work with IPs and hostnames.

flows_for_ip.rb

View the top 100 flows for an IP in a time window.

pcap_simple.rb

Get all SMTP and DNS packets from the last hour as a PCAP.

traffic_volume.rb

Prints the amount of data transferred per hour by any item, such as an application, host, or MAC address. The output covers a month's worth of data and is incremental. This script shows how you can work with traffic statistics.

usagetopapp.rb

Print the top applications over the entire time interval.