zeek – Page 3 – WindowsTechs.com

Suricata or Zeek? The answer is both.

Posted on September 15, 2020 by Sujai Chandrasekaran

If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily…
The post Suricata or Zeek? The answer is both. appeared first on Security Boulevard.
Continue reading Suricata or Zeek? The answer is both.→

Mixed VLAN tags and BPF syntax

Posted on August 27, 2020 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for the Zeek docume… Continue reading Mixed VLAN tags and BPF syntax→

One Weird Trick for Reviewing Zeek Logs on the Command Line!

Posted on August 19, 2020 by Richard Bejtlich

Are you a network security monitoring dinosaur like me? Do you prefer to inspect your Zeek logs using the command line instead of a Web-based SIEM?If yes, try this one weird trick!I store my Zeek logs in JSON format. Sometimes I like to view the output… Continue reading One Weird Trick for Reviewing Zeek Logs on the Command Line!→

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

Posted on July 28, 2020 by Ben Reardon

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in compr… Continue reading Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)→

Ripple20 Zeek package open sourced

Posted on June 30, 2020 by Ben Reardon

By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/d… Continue reading Ripple20 Zeek package open sourced→

Zeek & Sigma: Fully Compatible for Cross-SIEM Detections

Posted on June 25, 2020 by Alex Kirk

By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables … Continue reading Zeek & Sigma: Fully Compatible for Cross-SIEM Detections→

Zeek & Sigma: Fully Compatible for Cross-SIEM Detections

Posted on June 25, 2020 by Alex Kirk

Chocolate and Peanut Butter, Zeek and Suricata

Posted on June 16, 2020 by Brian Dye

By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – bo… Continue reading Chocolate and Peanut Butter, Zeek and Suricata→

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

Posted on June 16, 2020 by Vince Stoffer

By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a remi… Continue reading The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection→

Detecting GnuTLS CVE-2020-13777 using Zeek

Posted on June 11, 2020 by Johanna Amann

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets… Continue reading Detecting GnuTLS CVE-2020-13777 using Zeek→