Differences

This shows you the differences between two versions of the page.

--- offline:wrccdc_pcaps_results [2018/05/12 23:52] – [Explore flows] veera
+++ offline:wrccdc_pcaps_results [2018/05/12 23:55] – [File extraction] veera
@@ Line 79: / Line 79: @@
 ==== Trisul EDGE: Graph analytics discover relationships ====
+We recently added Graph Analytics to Trisul. This solves a common question that analysts ask from any "key" - "what is related to this". For example you can be looking at the country metrics for Kenya and ask "What are the hosts, apps, external hosts, TLS" connected to this country.  In search based solutions, this is typically by enriching the logs (an expensive operation).  ALL metrics in Trisul are enabled with this feature.  This is right now our preferred place to start drilldowns.
 [{{ :offline:w20.png?400 |Click on any key to reveal neighbors, then finally jump to flows }}]
@@ Line 92: / Line 94: @@
 [{{ :offline:wrccdc2.png?direct&400 |From any place you can grab the packets, if you think the volume can be handled by Wireshark}}]
-==== File extraction ====
-<code>
-DOCKER:unpl:root savedfiles$ ls /tmp/savedfiles/*.exe -l
--rw-r--r-- 1 trisul trisul   287392 May 11 12:52 /tmp/savedfiles/00_00_f91a_10.128.0.201__PsGetsid.exe
--rw-r--r-- 1 trisul trisul   287392 May 11 12:52 /tmp/savedfiles/00_00_fb80_10.128.0.201__PsGetsid.exe
--rw-r--r-- 1 trisul trisul 12582912 May 11 12:52 /tmp/savedfiles/00_01_dbcf_10.150.0.70__chocolate_debug.exe
--rw-r--r-- 1 trisul trisul 42846720 May 11 12:52 /tmp/savedfiles/00_01_df63_10.150.0.70__chocolate_debug.exe
-DOCKER:unpl:root savedfiles$
-</code>