scripting:introbro

Differences

This shows you the differences between two versions of the page.

scripting:introbro [2018/09/28 23:18] veerascripting:introbro [2024/06/04 17:08] (current) thiyagu
Line 15: Line 15:
 ^ Feature ^ Bro ^ Trisul ^ ^ Feature ^ Bro ^ Trisul ^
 |language | .bro language | LuaJIT  | |language | .bro language | LuaJIT  |
-|docs|[[https://www.bro.org/sphinx/scripting/index.html#understanding-bro-scripts|Bro Scripting]]|[[https://www.trisul.org/docs/lua/|Trisul LUA API]] |+|docs|Bro Scripting|[[https://www.trisul.org/docs/lua/|Trisul LUA API]] |
 |protocol decoding | Bro framework provides fine grained events representing protocol fields to your script.  | Trisul framework provides a lower level access to the payload itself, or for some common protocols the results of Trisul's built in dissection. Decoding a payload isnt as hard as it sounds, we released the open source [[https://github.com/trisulnsm/bitmaul|BITMAUL library]] to dissect protocols to the depth you want. | |protocol decoding | Bro framework provides fine grained events representing protocol fields to your script.  | Trisul framework provides a lower level access to the payload itself, or for some common protocols the results of Trisul's built in dissection. Decoding a payload isnt as hard as it sounds, we released the open source [[https://github.com/trisulnsm/bitmaul|BITMAUL library]] to dissect protocols to the depth you want. |
 |events | fine grained "typed" events. For example ''dns_A6_reply(..)'' event contains parsed fields for the DNS AAAA reply record |loose documents in a canonical text format.  In Trisul, //DNS Resource// is a text dump of a DNS transaction in a canonical DIG format. You can pick the fields you want using Regex. This means you have a dramatically lower number of events to deal with and are free to decode packets to the depth you want.    |events | fine grained "typed" events. For example ''dns_A6_reply(..)'' event contains parsed fields for the DNS AAAA reply record |loose documents in a canonical text format.  In Trisul, //DNS Resource// is a text dump of a DNS transaction in a canonical DIG format. You can pick the fields you want using Regex. This means you have a dramatically lower number of events to deal with and are free to decode packets to the depth you want.   
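Review bot: The docs row in the new revision unlinks the Bro cell, leaving bare "Bro Scripting" text, while the Trisul cell in the same row keeps its [[https://www.trisul.org/docs/lua/|Trisul LUA API]] link. The comparison table therefore points readers to only one side's documentation. If the bro.org URL was dropped because it no longer resolves, replace it with a working link to the Bro scripting documentation instead of removing the link, so both columns of the row stay usable as references.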
scripting/introbro.1538156931.txt.gz · Last modified: 2018/09/28 23:18 by veera