Telegram Zeek, you’re my main notice

Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may … Continue reading Telegram Zeek, you’re my main notice

Detecting CVE-2021-31166 – HTTP vulnerability

By Ben Reardon, Corelight Security Researcher In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced many such responses over the last year (see Append… Continue reading Detecting CVE-2021-31166 – HTTP vulnerability

What the Cyber EO means for federal agencies

By Jean Schaffer, Federal CTO, Corelight For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity,” (EO) held no surprises. However, it is a step toward accel… Continue reading What the Cyber EO means for federal agencies

World’s first 100G Zeek sensor

By Sarah Banks, Senior Director of Product Management, Corelight As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion De… Continue reading World’s first 100G Zeek sensor

Introducing the C2 Collection and RDP inferences

By Vince Stoffer, Senior Director, Product Management, Corelight We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that de… Continue reading Introducing the C2 Collection and RDP inferences

C2 detections, RDP insights and NDR at 100G

By John Gamble, Director of Product Marketing, Corelight Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network d… Continue reading C2 detections, RDP insights and NDR at 100G

How do you know?

By Charles Strauss, Senior Brand Copywriter, Corelight Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months ago to find what they need? Do your DNS queries all have responses, and are they what you… Continue reading How do you know?

Now You Know – Q&A about Bricata with CEO John Trauth

Bricata CEO John Trauth discusses how Bricata is helping the world’s largest organizations secure their networks by delivering the most complete network detection and response (NDR) capabilities available. 1) What was your original vision for Bricata? … Continue reading Now You Know – Q&A about Bricata with CEO John Trauth

Mixed VLAN tags and BPF syntax

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Introduction I have been writing material for the Zeek docume… Continue reading Mixed VLAN tags and BPF syntax

Zeek & Sigma: Fully Compatible for Cross-SIEM Detections

By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables … Continue reading Zeek & Sigma: Fully Compatible for Cross-SIEM Detections