====== Introduction to Trisul Scripting for Bro IDS users ======

Bro IDS is a popular open source network analysis platform. A key feature of Bro IDS is the custom Bro language, which lets you write scripts to extend the functionality of the platform. Trisul Network Analytics is also a platform that can be extended by writing scripts. This page introduces the Trisul Scripting API for those who are already familiar with Bro IDS scripting.

===== Trisul API =====

The first thing to note is that Trisul is not built on top of Bro; it is built from the ground up to be a streaming analytics platform. We therefore need a short technical introduction to Trisul before diving into the scripting details.

  * Trisul includes both the packet stream processing and the database function. With Bro, you currently have to fit it into a backend such as ELK, Splunk, or another storage solution. Trisul scripts therefore fall into two categories: the packet pipeline and the analytics pipeline.
  * The packet pipeline deals with familiar concepts like handling packets, reassembled TCP segments and the like.
  * The analytics pipeline may be new to Bro scripters.