Monitor information flows using the new Cross Keys feature
We are excited to introduce a powerful new feature called Cross Keys. This feature allows you to meter and visualize arbitrary information flows, something that is not feasible with any other method without throwing heavy hardware resources at it.
How Cross Keys counter groups work
Trisul is a real-time streaming analytics platform. This means all metrics, flow-based analytics, and detection are computed in real time within a time budget, unlike search, database, or log analytics platforms. By default, 200+ traffic metrics provide the baseline visibility into your network. These are grouped together as counter groups.
Shown below is the Internal Hosts counter group. This group meters about 18 metrics for all hosts that fall within the Home Networks.
Next, here is the External Hosts counter group.
With the new Cross Keys feature you can create a counter group that does a cross product of Internal Hosts X External Hosts.
In the figure below, observe the keys. They track the traffic flow for the Internal x External hosts.
You can even do this with three counter groups, say InternalHosts X Applications X ExternalHosts.
Note on cardinality: If you create a Cross Keys group from two groups with cardinality C1 and C2, then the new Cross Keys counter group will have a cardinality of C1 x C2. Trisul can handle very high cardinality counter groups, and you can adjust the settings if you desire.
Visualization app
The Cross Keys counter group meters a flow graph, so a tabular view is not very suitable for visualizing it. The Sankey diagram provides the best visualization of these flows. We are also releasing a new Sankey Cross Key Trisul APP which brings this feature to you.
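To make the cross product, the cardinality note and the Sankey view concrete, here is an added Python sketch; it is not Trisul code and does not use Trisul's API. The Home Networks ranges, the flow records, the tuple key format and all function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed Home Networks; everything outside them counts as an external host.
HOME_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed flow records: (source IP, destination IP, application, bytes).
FLOWS = [
    ("10.0.0.5", "93.184.216.34", "https", 1200),
    ("93.184.216.34", "10.0.0.5", "https", 48000),
    ("10.0.0.5", "198.51.100.7", "dns", 90),
    ("10.0.0.9", "93.184.216.34", "https", 700),
    ("10.0.0.9", "10.0.0.5", "ssh", 300),  # internal to internal: no cross key
    ("192.168.1.20", "198.51.100.7", "dns", 110),
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NETWORKS)

def cross_key(src, dst, app=None):
    """Build (internal, external) or (internal, app, external); None if the
    flow does not cross the Home Networks boundary."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in == dst_in:
        return None
    internal, external = (src, dst) if src_in else (dst, src)
    return (internal, app, external) if app else (internal, external)

def meter(flows, with_app=False):
    """Sum bytes per cross key, both directions combined."""
    totals = defaultdict(int)
    for src, dst, app, nbytes in flows:
        key = cross_key(src, dst, app if with_app else None)
        if key is not None:
            totals[key] += nbytes
    return dict(totals)

def cardinality(flows):
    """Return (C1, C2, C1*C2 upper bound, cross keys actually observed)."""
    hosts = {ip for src, dst, _, _ in flows for ip in (src, dst)}
    c1 = sum(1 for ip in hosts if is_internal(ip))
    c2 = len(hosts) - c1
    return c1, c2, c1 * c2, len(meter(flows))

def sankey_links(totals):
    """Turn multi-part cross keys into (source, target) -> bytes links."""
    links = defaultdict(int)
    for key, nbytes in totals.items():
        for left, right in zip(key, key[1:]):
            links[(left, right)] += nbytes
    return dict(links)
```

On this sample, C1 x C2 is an upper bound of 6 keys while only 4 pairs actually exchange traffic, and the three-part keys flatten into the host-to-application and application-to-host links a Sankey diagram draws.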
Other features in new release
Other features in the new release include Export to XLSX for many reports, new Netflow features, and other additions which we will describe in detail shortly. See the release notes.