5.8. Module Templates

You can create your own module by creating an instance of a module template.

This is a list of all module templates supported by Trisul.

ID Type of data Link
1 Topper Current toppers in a list
2 Topper Current toppers in a chart
3 Topper Retro toppers in a list
4 Topper Retro toppers in a chart
5 Topper Recent toppers in a list
6 Topper Current toppers history
7 Topper Retro toppers history
8 Topper Browse toppers
9 Specific item Recent key history chart
10 Specific item Show key details
11 Specific item Retro analysis time selector
12 Specific item Key history flexible charting tool
13 Specific item Key calendar
14 IDS Alerts Recent IDS alerts – raw
15 IDS Alerts Recent IDS alerts – aggregated
16 Miscellaneous Network stats
17 Miscellaneous System stats
18 Miscellaneous Network, system, database stats
19 Flows Session Trackers in custom time interval
20 Flows Recent top sessions
21 Flows Top sessions for a key
22 TCA Alerts Recently fired threshold crossing alerts
23 Retro analysis Standard retro analysis paths
24 Retro analysis Retro analysis of an IP
25 Retro analysis PDF report for an IP in selected time interval
26 Retro analysis Counter group retro analysis
27 Retro analysis Explore retro
28 Retro analysis Netflow retro
29 IDS Alerts Alerts for a specific key
30 Retro analysis Investigate application users
31 Retro analysis Most active sessions
32 Retro analysis Security
33 Scatter Retro Scatter
34 Flexible Chart Chart anything
35 Custom HTML Any Custom HTML text
36 Pull packets retro Pull out raw packets in a timeframe and filter
37 Flow Tracker Alerts Recently fired flow tracker alerts
38 Blacklist alerts Recent alerts from badfellas plugin
39 Flow tracker List of flow trackers
40 App In/Out Trend Top applications into and out of your network
41 Retro analysis Network FAQ
42 Topper Trends IDS Alerts by sigid
43 Retro analysis Traffic trends of a particular item
44 Retro analysis Drill down into a counter group
45 TCA details TCA Alerts for a item
46 Retro usage counter group to view top users by various meters

5.8.1 Module Parameters

Every module has a set of parameters that controls what is displayed and how it is displayed.

Common parameters

Parameter name Type Default value Description
name string - Module name
topcount integer 10 Show these many items in the list
cgguid counter guid - Show toppers from this counter group
statid integer 0 Meter ID within the counter group
recent_secs integer 900 shows the data for past x seconds

Charting related

Parameter name Type Default value Description
width integer 400 Chart width
height integer 250 chart height
surface string - Chart type
bucket_size integer 30 Traffic data is bucketized (averaged) over this many seconds
title string - Module title

Flow related

tracker_id integer -

Ajax

Parameter name Type Default value Description
ajaxfreq integer 30 seconds Auto update this module every x seconds
ajaxurl string - The url want to auto update

Toppers related

Parameter name Type Default value Description
cullcount integer 0 Shows toppers eliminating the top x items in a list
units string Displays the volume of data by metric standards(eg Kbps or Gbps)

Miscellaneous

Parameter name Type Default value Description
transformer string OctetToBits.new
resolve_key integer 1
fix_scale integer 0
show_dpi_marker integer
key string
month_count integer 3 Display the calendar with x months
window_seconds integer

5.8.2 Current toppers in a list

Display the current toppers in a counter group in a list.

Parameters

Parameter name Type Default value Description
name string - Module name
topcount integer 10 Show these many items in the list
cgguid counter guid - Show toppers from this counter group
statid integer 0 Meter ID within the counter group
ajaxfreq integer 30 seconds Auto update this module every x seconds

5.8.3 Current toppers in a chart

Draw the chart for current toppers in a counter group

Parameters

Parameter name Type Default value Description
name string - Module name
topcount integer 10 Show these many items in the list
cgguid counter guid - Show toppers from this counter group
statid integer 0 Meter ID within the counter group
width integer 440 Chart width
Height integer 250 Chart height
surface string PIE Chart type

5.8.4 Retro toppers in a list

List the toppers for the selected time interval

Parameters

Parameter name Type Default value Description
cgguid Countegroup guid - Show toppers from this counter group
topcount integer 10 Show these many items in the list
units string -
statid integer 0 Meter ID within the counter group

5.8.5 Retro toppers in a chart

Draws the chart for the selected time interval

Parameters

Parameter name Type Default value Description
topcount integer 10 Show these many items in the list
cgguid counter guid Show toppers from this counter group
statid integer 0 Meter ID within the counter group
width integer 440 Chart width
Height integer 250 Chart height
surface string PIE Chart type
units String -

5.8.6 Recent toppers in a list

Recent list of toppers in 15 minutes

Parameters

Parameter name Type Default value Description
topcount integer 10 Show these many items in the list
recentsecs integer 900 shows the recent data for the specified no.of seconds
units string B
statid integer 0 Meter ID within the counter group

5.8.7 Current toppers history

Draw charts for toppers in 15 minutes

Parameters

Parameter name Type Default value Description
topcount integer 10 Show these many items in the list
cullcount integer 0
statid integer 0 Meter ID within the counter group
width integer 400 Chart width
height integer 250 Chart height
bucketsize integer 30
surface string STACKEDAREA Chart type
transformer string OctetToBits.new
recentsecs integer 900 Shows the data for the specified no.of seconds
title string Topper History Title of the module

5.8.8 Retro toppers history

Chart the toppers for the selected interval

Parameters

Parameter name Type Default value Description
topcount integer 10 Show these many items in the list
cullcount integer 0
statid integer 0 Meter ID within the counter group
width integer 400 Chart width
height integer 250 Chart height
bucketsize integer 30
surface string STACKEDAREA Chart type
transformer string OctetToBits.new
recentsecs integer 900 Shows the data for the specified no.of seconds
name string - Name of the module

5.8.9 Browse Toppers

Display the browse toppers in a counter group in a list.

Parameters

Parameter name Type Default value Description
name string - Module name
topcount integer 10 Show these many items in the list
cgguid counter guid - Show toppers from this counter group
statid integer 0 Meter ID within the counter group

5.8.10 Recent key history chart

Draws the chart for recent data

Parameters

Parameter name Type Default value Description
key string -
guid GUID - Show toppers from this counter group
width integer 350 Chart width
height integer 150 chart height
bucketsize integer 30
ajaxfreq integer 30 Auto update this module every x seconds
title string Module title
statids string 0,1,2 Meter IDs within countergroup
recentsecs integer 21600 seconds Draws the chart for recent x seconds
surface string SQUARELINE Chart type

5.8.11 Show key details

Shows the key ans label for the particular item

Parameters

Parameter name Type Default value Description
investigation_window_seconds integer 900 Activity of the key in x seconds

5.8.12 Retro analysis time selector

Time selector

Parameters

statids string 0 Meter IDs within the counter group
width integer 500 Time selector width
bucketsize integer 30
height integer 150 Time selector height
surface string SQUARELINE Type
key string TOTALBW
cgguid string Shows the time selector for this counter group
name string - Module name
window_seconds integer 86400 display the time selector for x seconds
fix_scale integer 0
show_dpi_marker integer 1

5.8.13 Key history flexible charting tool

Draw the chart for particular item with selected Meters

Parameters

Parameter name Type Default value Description
window_secs integer 900 Draw chart for x seconds

5.8.14 Key calendar

Display the calander

Parameters

Parameter name Type Default value Description
mount_count integer 3 Display the calendar with x months

5.8.15 Recent IDS alerts -raw

Display all the IDS alerts

Parameters

Parameter name Type Default value Description
topcount integer 10 Shows these many items in the list
resolve_key integer 1

5.8.16 Recent IDS alerts -aggregated

Display all the unique IDS that triggered alerts|

Parameters

Parameter name Type Default value Description
topcount integer 10 shows these many items in the list
recent_secs integer 216000 Display alerts for x seconds

5.8.17 Network stats

Display the information about networks

Parameters

Parameter name Type Default value Description
ajaxfreq integer 30 Auto update every x seconds

5.8.18 System stats

Display the information about system

Parameters

Parameter name Type Default value Description
ajaxfreq integer 30 Auto update every x seconds

5.8.19 Network,system,dataabase stats

Bandwidth, CPU, Memory of Trisul Server

Parameters

Parameter name Type Default value Description
ajaxfreq integer 30 Auto update every x seconds

5.8.20 Session Trackers in custom time interval

Display the session activity(traffic,etc..)

Parameters

Parameter name Type Default value Description
tracker_id integer 1 Session tracker ID
window_seconds integer 3600
topcount integer 5 shows these many items in the list
recentsecs integer 900
resolve_key integer 1

5.8.21 Top sessions for a key

Recent flow activity

Parameters

Parameter name Type Default value Description
topcount integer 10 shows these many items in the list
windows_seconds integer 300
resolve_key integer 1

5.8.22 Recently fired threshold crossing alerts

Shows the recently fired threshold crossing alerts(this module works if and only if TCA alerts are set for an entity)

Parameters

ParameterName Type DefaultValue Description
ajaxfreq integer 30 Auto updates the module every x-seconds
maxcount integer 10 No. of TCA’s to be shown(sorted by high to low)

5.8.23 Standard retro analysis paths

Conventional method for viewing the history .The user can view the history of an app/host in a selected time window

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.24 Retro analysis of an IP

Used to view history of a particular host(Internal/External)

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.25 PDF report for an IP in selected time interval

Generates PDF reports for a host for a selected time interval

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.26 Counter group retro analysis

Used to view the history of an entire counter group for the selected time window

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.27 Explore Retro(defunct)

Used to explore the history for particular app/host in a selected time interval

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.28 Netflow Retro(defunct)

Dedicated history analysis for NETFLOW based counter groups(this module works if and only if TRISUL runs in NETFLOW mode)

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.29 Alerts for a specific key

Shows IDS based alerts for a specific key , for a specified time period

Parameters

ParameterName Type DefaultValue Description
window_seconds integer 86400 Shows all alerts fired in the given time period(specified in seconds)

5.8.30 Investigate application users

Gives an in depth view of all the users of a particular app(eg.HTTP/SSH) for a time interval

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.31 Most active sessions

Gives an in sight of the top sessions in a selected time window(sorted by volume)

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.32 Security

In depth security analysis,view all the alert based counter groups (IDS,TCA,Malware,Flow Tracker) all together

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.33 Scatter

Plots a chart for the different alert counter groups for a time interval , shows alerts for a default 6hrs interval

Parameters

ParameterName Type DefaultValue Description
guid string Alert Signatures Security countergroup,which shows all types of alerts
statid integer Meter ID within the countergroup 0
width integer 400 Holds the chart width
height integer 600 Holds the chart height
cullcount integer 10
bucketsize integer 30 This parameter is necessary if the chart type is STACKEDAREA
surface string BUBBLE Deals with the charting type
recentsecs integer 86400 Time window
title string Alert Distribution Deals with the title of the module

5.8.34 Chart Anything

Also known as Flexi Chart

Chart any combination of items you want on any chart surface.

Parameters

ParameterName Type DefaultValue Description
width integer 350 Chart width in pixels (leave blank for autosize)
bucketsize integer 30
height integer 150 Chart height in pixels
surface string AREA Chart type
title string ‘My Chart’ Module title
models JSON string A JSON string representing an array of chart items

5.8.35 Investigate Flow Tracker

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.36 App In/Out Trend

Parameters

ParameterName Type DefaultValue Description
Topcount Integer 10 Draws chart for this many items
Cullcount Integer 0 hows toppers eliminating the top x items in a chart
Width Integer 200 Width of the chart
Height Integer 250 Height of the chart
Bucketsize Integer 30
Surface String STACKEDAREA Chart surface type.See charts section for more
Recentsecs Time 6 Hour Draws chart for recent 6 hours

5.8.37 My Favorites

See favorites section for more

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.39 Analyze with key

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.40 Cross drill

Parameters

ParameterName Type DefaultValue Description
- - - -

5.8.41 Show TCA details

Parameters

ParameterName Type DefaultValue Description
Topcount Integer 10 Shows these many items in the list

5.8.42 Explore Retro usage

Parameters

ParameterName Type DefaultValue Description
- - - -

The Models parameter

The models parameters is a JSON string representing an array of

Each item in the array consists of :

Counter Group ID A GUID representing a counter group – see here for a list
Key A key within the counter group (eg a Host, Application, Subnet) etc
Meter ID A meter ID – eg Bytes In/ Connections etc
Label as it appears on chart Label for this item

For example if you want to plot Inbound Vs Outbound traffic relative to your home network.

Copy"[[\"{393B5EBC-AB41-4387-8F31-8077DB917336}\",\"DIR_INTOHOME\",0,\"Inbound\"],
  [\"{393B5EBC-AB41-4387-8F31-8077DB917336}\",\"DIR_OUTOFHOME\",0,\"Outbound\"]]"