Introducing TrisulNSM Docker – an all-in-one NSM platform
We are excited to announce TrisulNSM Docker. This is a new Network Security and Traffic Monitoring (NSM) platform that includes everything you need in a single, easy-to-use Docker container.
What is included?
TrisulNSM Docker includes the full range of collection capabilities you have come to expect in an alert-centric NSM system. In addition, it also gives you comprehensive network traffic visibility you may not have seen elsewhere. The entire package is built on Trisul’s powerful real time streaming analytics pipeline and database.
What you get immediately:
- Full traffic monitoring: 100s of traffic metrics from every angle
- Traffic alerts: alert on traffic, flows, malware activity
- Complete flow monitoring: record every flow with blazing fast retrieval
- Metadata: extract URLs, certs, files, ... with an API to script your own
- Packet capture: sophisticated PCAP storage with the best retrieval times
- NEW: Trisul EDGE: a limited version of Trisul Edge, streaming graph analytics
- IDS alerts: also includes the awesome Suricata + ET community rules with auto refresh
- See Trisul Features for a complete tour
- BEST of all – everything is included and optimized. You don't need to mess with a complex storage backend with Kafka, Splunk, ELK or a SIEM.
What are the components?
The Docker appliance integrates the following software:
- Trisul Network Analytics for traffic analytics, flows, packet storage, resources, scripting and the web interface.
- Trisul Plugins: Geo, Badfellas (malware intel), Urlfilter (web category)
- Suricata IDS for IDS alerts. The output of Suricata is piped to Trisul using the EVE JSON App.
- Emerging Threats Open Rules for the ruleset. If you have an ET-PRO subscription, it is easy to plug that in.
Docker performance
This appliance is optimized for very high speed networks and high data volume. Try it to see for yourself.
How to run
Prerequisites: Docker should be installed on your distro.
This single command is all you need if port eth1 is connected to your network traffic:
```bash
sudo mkdir /opt/trisul6_root
sudo docker run --net=host -v /opt/trisul6_root:/trisulroot \
    -d trisulnsm/trisul6 --interface eth1
```
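As an added example (not code from the Trisul project or this post), the following POSIX shell script wraps that command with the checks a real deployment needs: it validates the interface name, confirms Docker and the interface exist on the host, creates the persistent host directory, then starts the container and confirms it is running. The function names and exit codes are my own; the image name, mount path and flags are the ones given above.

```shell
#!/bin/sh
# Added example, not part of the Trisul project or the original post:
# wraps the post's docker run command with prerequisite checks.
# Assumes a Linux host, the trisulnsm/trisul6 image and the
# /trisulroot mount path exactly as the post gives them.
set -eu

TRISUL_IMAGE="trisulnsm/trisul6"
TRISUL_ROOT_DEFAULT="/opt/trisul6_root"

# Accept only plain interface names (eth1, ens3, bond0.100) so that a
# bad value cannot turn into an unexpected docker or Trisul argument.
valid_iface_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# True when the capture interface exists in the host network namespace,
# which the container shares because of --net=host.
iface_exists() {
    [ -d "/sys/class/net/$1" ]
}

# Print the exact docker command for review or dry runs. ROOT is the
# host directory that keeps Trisul's database and PCAPs across restarts.
trisul_run_cmd() {
    iface="$1"; root="${2:-$TRISUL_ROOT_DEFAULT}"
    valid_iface_name "$iface" || return 1
    printf 'docker run --net=host -v %s:/trisulroot -d %s --interface %s\n' \
        "$root" "$TRISUL_IMAGE" "$iface"
}

# Run the checks, create the persistent root, start Trisul and print the
# id of the running container so the operator can see it came up.
deploy_trisul() {
    iface="$1"; root="${2:-$TRISUL_ROOT_DEFAULT}"
    valid_iface_name "$iface" || { echo "bad interface name: $iface" >&2; return 1; }
    command -v docker >/dev/null 2>&1 || { echo "docker is not installed" >&2; return 2; }
    iface_exists "$iface" || { echo "no such interface: $iface" >&2; return 3; }
    sudo mkdir -p "$root"
    sudo docker run --net=host -v "$root:/trisulroot" -d "$TRISUL_IMAGE" --interface "$iface"
    sudo docker ps -q --filter "ancestor=$TRISUL_IMAGE"
}
```

Call `deploy_trisul eth1` for the post's defaults, or `deploy_trisul ens3 /data/trisul` to capture on another interface with the data kept elsewhere.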
More links
- GitHub trisulnsm/docker instructions to run the appliance
- trisulnsm/trisul6 on Docker Hub
- Trisul Dev Wiki our new technical wiki for Trisul developers
We look forward to the NSM community using this new tooling.
Free Download Trisul 6.0! Ready-to-go packages for Ubuntu and CentOS.