Telegram Zeek, you’re my main notice

Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may … Continue reading Telegram Zeek, you’re my main notice

What’s next for the National Cyber Director?

By Jean Schaffer, Federal CTO, Corelight As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to solidify a true private/public partnership for raising the cyber… Continue reading What’s next for the National Cyber Director?

What the Cyber EO means for federal agencies

By Jean Schaffer, Federal CTO, Corelight For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity,” (EO) held no surprises. However, it is a step toward accel… Continue reading What the Cyber EO means for federal agencies

World’s first 100G Zeek sensor

By Sarah Banks, Senior Director of Product Management, Corelight As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion De… Continue reading World’s first 100G Zeek sensor

Introducing the C2 Collection and RDP inferences

By Vince Stoffer, Senior Director, Product Management, Corelight We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that de… Continue reading Introducing the C2 Collection and RDP inferences

C2 detections, RDP insights and NDR at 100G

By John Gamble, Director of Product Marketing, Corelight Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network d… Continue reading C2 detections, RDP insights and NDR at 100G

How do you know?

By Charles Strauss, Senior Brand Copywriter, Corelight Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months ago to find what they need? Do your DNS queries all have responses, and are they what you… Continue reading How do you know?

Pingback: ICMP Tunneling Malware

By Keith Jones, Anthony Kasza and Ben Reardon, Security Researchers, Corelight Introduction Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows sys… Continue reading Pingback: ICMP Tunneling Malware

CrowdStrike + Corelight partner to reach new heights

By Lana Knop, Chief Product Officer, Corelight Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alert… Continue reading CrowdStrike + Corelight partner to reach new heights

Community ID support for Wireshark

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in… Continue reading Community ID support for Wireshark