Back end scripts
Backend scripts work on a stream of metrics.
Because backend scripts have a more relaxed time budget than frontend scripts, they are well suited to data enrichment and to guiding real-time detection. Typical uses:
- Security: check file hashes, hosts and IPs against blacklists
- Perform actions on the metric stream
- Export alerts or flows to Elasticsearch or other platforms
- Custom thresholding code and statistics-based alerting
Since Trisul Network Analytics is a streaming analyzer, you get a single pass over the streaming data: all your scripts must complete within a total time budget of 1 minute.
List of backend script types
The following script types are available. In each script type you listen to one streaming 'topic' or subset. For example, to monitor metrics for the Hosts counter group you would choose the cg_monitor script type and, within that script, listen to the Hosts stream.
- On a 1-minute timer: support SNMP and other data input tools into Trisul
- Counter group metrics events: use for traffic, top-N and cardinality analytics
- On new flow, and when a flow is flushed
- Process alerts in Lua
- HTTP requests, DNS events, TLS and file hashes stream
- Full Text Search documents, such as HTTP headers and full TLS certificates
- Create your own custom flow tracker (top-K flow snapshots)
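As an added example (not code from the Trisul documentation), here is a cg_monitor-style backend script that keeps a short per-host baseline of one counter-group meter and flags a 1-minute value that jumps well above that baseline, the kind of custom thresholding mentioned above. The TRISUL_SCRIPTS layout and the hook name onmetercounteritem are assumed from memory of the Trisul Lua API and the counter-group GUID is a placeholder; check both against the docs for your version. The pure Lua threshold logic runs stand-alone with constructed samples.

```lua
-- Added example, not part of the Trisul documentation or product.
-- Per-key baseline + multiplier threshold; O(1) work per metric item so it
-- stays well inside the 1-minute backend budget.
local WINDOW   = 10    -- past 1-minute samples kept per key
local MULTIPLE = 3     -- alert when value > MULTIPLE x baseline average
local MIN_BASE = 1000  -- ignore tiny baselines (quiet hosts are noisy)

local history = {}     -- key -> list of recent values (oldest first)

local function mean(t)
  if #t == 0 then return nil end
  local s = 0
  for _, v in ipairs(t) do s = s + v end
  return s / #t
end

-- Feed one sample for key; returns (breach, baseline) and then records it.
local function check_and_record(key, value)
  local h = history[key] or {}
  history[key] = h
  local base = mean(h)
  local breach = base ~= nil and base >= MIN_BASE and value > MULTIPLE * base
  h[#h + 1] = value
  if #h > WINDOW then table.remove(h, 1) end
  return breach, base
end

-- Script registration (hook names assumed; verify against your Trisul docs).
TRISUL_SCRIPTS = {
  id = { name = "host_threshold", description = "Baseline threshold on hosts",
         author = "example", version_string = "1.0", version_int = 1 },
  cg_monitor = {
    control = { guid = "{COUNTER-GROUP-GUID-PLACEHOLDER}" }, -- e.g. Hosts group
    onmetercounteritem = function(engine, timestamp, key, meterid, value)
      if meterid ~= 0 then return end  -- assumption: meter 0 is the one tracked
      local breach, base = check_and_record(key, value)
      if breach then
        print(string.format("%d ALERT host=%s value=%d baseline=%.0f",
                            timestamp, key, value, base))
      end
    end,
  },
}

-- Stand-alone run (plain `lua`): constructed samples, quiet host then a spike.
if arg and arg[0] then
  local samples = { 1200, 1100, 1300, 1250, 1150, 9000 }  -- constructed
  for i, v in ipairs(samples) do
    local breach = check_and_record("10.0.0.5", v)
    print(string.format("minute %d value %d breach=%s", i, v, tostring(breach)))
  end
end
```

In the stand-alone run only the final sample (9000 against a baseline of 1200) reports breach=true, since the first sample has no baseline to compare against.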