Collaborate Disseminate
Trying to create a whitelist rule that would not log any DNS entry with a .gov TLD. I tried the syntax below but does not work.
pass dns any any <> any any (msg: ".gov domain"; dns_query; content:".gov"; nocase; s… Continue reading Suricata rule that would not log any DNS entry with a .gov TLD [closed]
We want to improve cyber security and I consider installing Suricata on our firewall (pfSense). Malware and Ransomware (as for anyone, I guess) concerns me much and one way to deny Ransomeware its need is to block IPs for c2 Server or othe… Continue reading IP Blocklists for Firewall (pfSense)
By Sarah Banks, Senior Director of Product Management, Corelight As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion De… Continue reading World’s first 100G Zeek sensor
By Keith Jones, Anthony Kasza and Ben Reardon, Security Researchers, Corelight Introduction Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows sys… Continue reading Pingback: ICMP Tunneling Malware
We have a need to check the arrival time of two relative packets, like packet1 and packet2, if packet2 arrives too late after packet1, we want an alert for it.
Is it possible to write a rule for this? I go through the suricata’s doc and fe… Continue reading Can I write a suricata rule based on the timestamp the packet arrives on the host?
By Lana Knop, Chief Product Officer, Corelight Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alert… Continue reading CrowdStrike + Corelight partner to reach new heights
By Vijit Nair, Sr. Director, Product Management, Corelight Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is c… Continue reading Extending NDR visibility in AWS IaaS
By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how i… Continue reading Who’s your fridge talking to at night?
By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise orga… Continue reading Small, fast and easy. Pick any three.
By Alex Kirk, Corelight Global Principal for Suricata More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority… Continue reading Beating alert fatigue with integrated data