New Trisul Release 6.5, Aug 21 2018. UI Improvements, better security alerts

admin

Hi Trisul Users,

Network Security Monitoring and Traffic Analytics just got easier and a lot more fun.

We are pleased to announce the immediate availability of a new release of Trisul Network Analytics Existing users are encouraged to immediately upgrade to this release to take advantage of several security and performance improvements. Also check out our trisulnsm Github page for new releases of Trisul APPs.

A short list of important new features and bug fixes.

TRISUL-PROBE

FEATURE: Now supports multiple unix domain sockets to ingest from IDS
FEATURE: NXDOMAIN and other DNS failures triggers a minor alert
FEATURE: Improved performance when showing total count of Resource/FTS/Alerts
FEATURE: AF_PACKET Is now recommended as default with one InflightToken
SCRIPTING: Protocol handler automatically attaches to parent protocol id
SCRIPTING: Added logwarning() loginfo() and other helpers
SCRIPTING: Released the BITMAUL protocol dissector library
SCRIPTING: filter(..) methods for flows, resources, fts changed to reflect voting among multiple scripts
CLI: new checklicense command
CLI: changeuser domain .. , single command to changeover entire domain to a new linux user from default trisul.trisul
CLI: stop context all@probe0, keyword all added to domain nodes to stop/start/info all contexts on a node
CLI: Added help commands to all CLI trisulctl_probe commands
NETFLOW: Added option IgnoreEgress option to skip redundantly configured Egress NF9/IPFIX
NETFLOW: IPFIX template issue, support PEN (Private Enterprise Number)
NETFLOW: Error fixed with Huawei Netstream v9

TRISUL-HUB

FEATURE: Resources now partitioned by time to improve performance even further
FEATURE: AddLayer to add a new probe
FEATURE: Max number of probes per Hub increased to 16 in non-Enterprise
FIX: Trisul Cachebuild can crash under some conditions, fixed.

WEBTRISUL

FEATURE: Brand new Time Selector
FEATURE: Brand new Retro Chart to see historical traffic charts, select Retro->New Retro Tools
PERF: Much improved Resources (Logs) page loads 10x faster showing total counts in under 2 seconds
UI: Circle Data Points option shows pretty points you can hover and get the Time/Value
APP: Nested app directories supported
FEATURE: Email log shows sent emails
FEATURE: Enable/Disable user - use case customer login
FEATURE: Dashboard creation made easier with boxes for every position
FEATURE: Cardinality counters proper description is now showin Retro Counters
Plus dozens of other smaller fixes

APPS

Trisul APPS are free extensions for real time analytics and visualization

NEW APP: IOC-Harvestor pulls out network artifacts from multiple streams
NEW APP: IP2LOCATION based Geo Metering. Adds ASN, COUNTRY, CITY, PROXY info
NEW APP: AlienVault OTX integration to check your traffic against threat indicators
NEW APP: HTTP-Proxy app when deployed in a proxy environment
NEW APP: Edge Vertex monitor shows volumes for each vertex
UPDATED: JA3 Server signature added to TLS Fingerprint
UPDATED: PCAP Totals dashboard shows all metrics in one place

Not on Trisul yet? Go to Trisul Downloads to get started.

Cheers,

Team Trisul