Scripts + Resources

Threat Hunting Guide

Learn how to find dozens of adversary tactics and techniques using network data.

Open NDR for Dummies

Get your complimentary copy about Network Detection and Response.

Zeek® cheatsheets poster

Download our cheatsheets poster, packed with a selection of Corelight and Zeek logs, plus our Encrypted Traffic Collection reference.

Zeek cheatsheets

The most popular Zeek logs, alphabetized and formatted for printing and easy reference. Includes SMB logs for Microsoft® platforms.

ESG report

Open Network Detection (Open NDR): What It Is and Why It's Needed.

Intro to Zeek log formats

A practical guide to understanding Zeek log formats, authored by Richard Bejtlich.

Zeek packages / scripts

Corelight Sensors come pre-loaded with a set of the most popular and useful Zeek packages (a Zeek package is a script with metadata), to get you up and running in minutes. But sometimes you want to add extra functionality or customization. These Zeek scripts have been vetted and tested for performance by the Corelight team.

HTTP stalling detector script

Detects HTTP stalling DoS attacks, such as Slowloris.

Top DNS script

Logs the top DNS requests at a configurable interval (15 min. default).

JA3 script

Generates SSL client fingerprints and logs them as a new field in the ssl.log.

Unknown MIME type discovery script

Logs files without known MIME types.
