network visibility – WindowsTechs.com

Telegram Zeek, you’re my main notice

Posted on July 28, 2021 by Yacin Nadji

Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may … Continue reading Telegram Zeek, you’re my main notice→

Detecting CVE-2021-31166 – HTTP vulnerability

Posted on May 27, 2021 by Ben Reardon

By Ben Reardon, Corelight Security Researcher In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced many such responses over the last year (see Append… Continue reading Detecting CVE-2021-31166 – HTTP vulnerability→

What the Cyber EO means for federal agencies

Posted on May 25, 2021 by Jean Schaffer

By Jean Schaffer, Federal CTO, Corelight For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity,” (EO) held no surprises. However, it is a step toward accel… Continue reading What the Cyber EO means for federal agencies→

World’s first 100G Zeek sensor

Posted on May 24, 2021 by Sarah Banks

By Sarah Banks, Senior Director of Product Management, Corelight As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion De… Continue reading World’s first 100G Zeek sensor→

Introducing the C2 Collection and RDP inferences

Posted on May 18, 2021 by Vince Stoffer

By Vince Stoffer, Senior Director, Product Management, Corelight We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that de… Continue reading Introducing the C2 Collection and RDP inferences→

C2 detections, RDP insights and NDR at 100G

Posted on May 18, 2021 by John Gamble

By John Gamble, Director of Product Marketing, Corelight Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network d… Continue reading C2 detections, RDP insights and NDR at 100G→

How do you know?

Posted on May 18, 2021 by Charles Strauss

By Charles Strauss, Senior Brand Copywriter, Corelight Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months ago to find what they need? Do your DNS queries all have responses, and are they what you… Continue reading How do you know?→

Now You Know – Q&A about Bricata with CEO John Trauth

Posted on October 29, 2020 by Bricata

Bricata CEO John Trauth discusses how Bricata is helping the world’s largest organizations secure their networks by delivering the most complete network detection and response (NDR) capabilities available. 1) What was your original vision for Bricata? … Continue reading Now You Know – Q&A about Bricata with CEO John Trauth→

Mixed VLAN tags and BPF syntax

Posted on August 27, 2020 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for the Zeek docume… Continue reading Mixed VLAN tags and BPF syntax→

Zeek & Sigma: Fully Compatible for Cross-SIEM Detections

Posted on June 25, 2020 by Alex Kirk

By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables … Continue reading Zeek & Sigma: Fully Compatible for Cross-SIEM Detections→