Trisul Network Analytics
Developer Zone

**This is an old revision of the document!** ----

====== Introduction to Trisul Scripting for Bro IDS users ====== Bro IDS is a popular open source network analysis platform. A key feature of Bro IDS is the custom BRO language that allows you to write scripts to enhance the functionality of the platform. Trisul Network Analytics is also a platform that can be extended by writing scripts. This page introduces the Trisul Scripting API for those who are already familiar with Bro IDS scripting. ===== Trisul API ===== Trisul is built from ground up to be full streaming analytics platform. This includes both the packet analytics and the streaming database. This can be a bit confusing to Bro scripters who focus on generating logs. In Trisul , you work with metrics and other data types like resources, flows, documents, graphs. We will get to them later. To illustrate with an example. **Say you are calculating TLS Fingerprints from network traffic** * In Bro, you will write scripts to add the fingerprint to the connection/flow log. * In Trisul, you would create a new counter group for TLS Fingerprints and count each print there. You can also mark the flows like Bro, or create graph edges, but the main focus is on metrics.