Monitoring all traffic metrics about all entities, such as hosts, ports, MACs, is the central task of Trisul. These metrics are stored raw for months without any rollups which allow for lossless retro analysis. Realtime stabbers allow you to check usage of any item to a 5-sec window. Learn more about Traffic Monitoring with Trisul

Flows are a critical part of Trisul’s monitor everything approach. Trisul stores all flows and provides a number of tools to help you drill up and sideways. Move frrom flows to alerts, URLs, and packets. Read more about Flow Analysis

The ability to summon network packets is a key capability of network security monitoring. Trisul stores all packets in an AES-128-CTR format. Powerful filters make it easy to exclude or flow cap trusted traffic. Pull up packets from a variety of contexts like traffic, flows, alerts.Read more about Packets

Retro analysis is the act of investigating past network events. Select a timespan and ask Trisul about traffic, flows, and even retrieve packets. Retro Q&A is a set of carefully chosen packaged analysis for you. Also on tap are 80+ ready to use reports which can be e-mailed to you as a PDF daily.

Have you ever compared your network traffic against the latest malware, botnet, scanner, spammers blacklists ? You should. Also integrate in IDS alerts from Snort or Suricata with traffic data. Our users love the real time security dashboard which you can put up on a wall display. More on alerts

Are you an advanced analyst tired of clicking or mucking with command lines ? If you are you will love the Trisul Remote Protocol (TRP) API. You can write tiny scripts in Ruby to securely communicate with a number of Trisul probes and perform your analysis. We prefer Ruby although others are supported. Learn more about scripting