New Release Jan 07 2017 : Directly go to PCAPS, flow improvements

admin

Hello Trisul users,

A new build of Trisul Network Analytics is now available on http://trisul.org/download

This build features some very nifty updates on the User Interface apart from enhanced stability, better flow handling, and enhancements to the LUA and TRP APIs.

This build includes about a month of heavy development and bug fixes. All users should update to the latest version using the instructions in http://trisul.org/download/ ( apt-get and yum works great !)

RELEASE NOTES

Trisul Probe

Better TCP State Tracking. Introduce a new 30 sec "Half Timeout" if one side has closed the connection in addition to the normal 2 minute timeout.
More accurate reporting of Flow Payloads , previous versions were not taking into account padding bytes added in the network layer.
Improvements to streaming pipeline when network goes idle. In previous releases parts of the streaming engine stopped when not driven by stream of packets. Now we use a 1 sec metronome to keep it moving along. Useful for very sparsely loaded networks.
Download PCAP or Quick View PCAP headers no longer leave artifacts (temp files) behind in /tmp
Domain : Probe version now show in Admin table

Trisul Hub

Better algorithm when 'stitching' together flows that have timeout or half-timeout.

Web Trisul

NEW: Export table data to csv file for Flows,Resources and Alerts.
NEW Download PCAP added in context menu and Key Dashboard. This allows you to directly go to PCAPs from a number of stages in investigation.
Explore Flows/Investigate IP search filter added. You can drill down into flows by adding search filters as you go along instead of using the search box.
Tooltip added in context menu
Flow State and PCAP availability icon added in flow list. This lets you know just by looking at a flow table whether a PCAP is available for the time window involving the flow.
Flow details and Alerts details in Light Box
Table sorter icon added in table header
NEW: Alert count badge added in Top level menu Alerts->Show all
Several other performance enhancements such as better handling of Trisul domain timeouts

Please update your builds to this version.

Thanks,

Trisul Team