Table of Contents

Script examples

Explains various programming techniques with real examples.

Where to find more Trisul scripts

The following locations contain working Trisul LUA scripts

  1. Trisul Apps : Working scripts ready to install in production environments as Trisul APPS
  2. Trisul-Scripts - Samples in the trisul-scripts repository
  3. BITMAUL examples - Protocol dissection LUA scripts

UA-Parser

Demonstrates how to scan Intel artifacts against hundreds of regexes using Google RE2

Trisul script to use UA-Parser regex to track HTTP User Agents

QUIC analyzer

A G-QUIC (Google QUIC) analyzer that parses a UDP-443 protocol, extracts indicators, and certificates. Learn how to use LuaJIT FFI to work with decompression, BITMAUL to parse protocols, etc.

Explains the Trisul Google QUIC protocol analyzer script

Strelka

Strelka is a file scanning framework. This little script integrates Trisul File Extraction with Strelka scanning. The scan results in the form of JSON is fed back into Trisul as resources for search, alerting, or analysis.

Send files extracted from network to a Strelka cluster and feed back results