suricata – Page 3 – WindowsTechs.com

Small, fast and easy. Pick any three.

Posted on November 18, 2020 by Seth Hall

By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise orga… Continue reading Small, fast and easy. Pick any three.→

Beating alert fatigue with integrated data

Posted on October 8, 2020 by Alex Kirk

By Alex Kirk, Corelight Global Principal for Suricata More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority… Continue reading Beating alert fatigue with integrated data→

Help in Suricata rule bitmask syntax problem

Posted on October 4, 2020 by Khalid

I have written the following rule in my Suricata rules file:
alert tcp any any <> any any (flow:established; content:"|65|"; offset:0; depth:1; byte_test:1, =, 3, 2, bitmask 0x03; msg:"detected"; classtype:bad-unk… Continue reading Help in Suricata rule bitmask syntax problem→

Suricata or Zeek? The answer is both.

Posted on September 15, 2020 by Sujai Chandrasekaran

If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily…
The post Suricata or Zeek? The answer is both. appeared first on Security Boulevard.
Continue reading Suricata or Zeek? The answer is both.→

Network Worm Sending HTTPS Passwords in POST Requests

Posted on August 7, 2020 by ProfessorManhattan

So there are a lot of details to this but let’s just say that I’m convinced I’m being actively monitored by advanced hackers. It started when I was posting about time travelers on internet security forums. I was hacked many times and have … Continue reading Network Worm Sending HTTPS Passwords in POST Requests→

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

Posted on July 28, 2020 by Ben Reardon

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in compr… Continue reading Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)→

Inaccurate Suricata ET rule (SID: 2030388, CVE-2020-11900)

Posted on July 8, 2020 by Giac

I found too many event on suricata after recent update regarding this rule:
alert ip any any -> any any (msg:"ET EXPLOIT Possible CVE-2020-11900 IP-in-IP tunnel Double-Free"; ip_proto:4; metadata: former_category EXPLOIT; refe… Continue reading Inaccurate Suricata ET rule (SID: 2030388, CVE-2020-11900)→

Suricata and rules based on MAC address

Posted on July 1, 2020 by loi219

I’m working on a project to implement SDN in a network. One of my flows is redirecting to the Suricata IDS and the flow works in layer 2 with MAC address.
Since I’ve read that Snort only works in layer 3, I would like to know if it’s possi… Continue reading Suricata and rules based on MAC address→

Chocolate and Peanut Butter, Zeek and Suricata

Posted on June 16, 2020 by Brian Dye

By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – bo… Continue reading Chocolate and Peanut Butter, Zeek and Suricata→

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

Posted on June 16, 2020 by Vince Stoffer

By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a remi… Continue reading The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection→