Flow-based analysis is a critical part of deep network monitoring. Trisul not only stores flows in a highly efficient manner but also provides dozens of tools to work with them. Trisul enables flow analysis in packet capture mode as well as Netflow mode.
You can do all of the following:
- Record all flows, no summarization or roll ups
- Fast retrieval of flows
- Access to flows from alerts, traffic, end points
- Pull up PCAPs for any flow
- Flow Taggers – Tag flows automatically for future searches
- Flow Tracker – Track top flows that interest you
- Flow alerts – Get an alert when, for example, someone uploads 10MB out of your network
- Payload search – Reassemble TCP and HTTP streams and search inside flows
- Find out which flows caused a traffic spike
- View flow activity of a host or port in real time
- Jump from alerts to flows that caused them
- Search flows by IP address
- Optimize full content storage (e.g., store only the first 1MB of each flow)
Flows are a critical part of the emerging breed of monitor-everything tools like Trisul. If you can isolate your concerns to a few flows, your network analysis task is almost done. Trisul helps you grapple with hundreds of millions of flows by including two flow processor tools called Flow Tracker and Flow Tagger. These pick out interesting flows such as the flows with the most volume or duration, flows in a certain port range, or even flows to a certain country.
Meta Resources
Logging certain types of metadata can greatly help you navigate flows and traffic. To this end, Trisul logs all URLs from HTTP flows and all domain names from DNS packets.
Key features at your command:
- No roll ups → All flows, all alerts and all resources are stored; none are deleted
- Scales → Designed for huge flow volumes of 100M flows per day, running for months
- Tools → Tools to work with flows are included
- Extract and search on all URLs requested
- Extract and search all names found in DNS records
- Netflow → Trisul constructs flows from raw packets or from Netflow