Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 1
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.
Richard Bejtlich
May 29, 2019
Zeek
How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities
CVE-2019-0708 is a serious vulnerability awaiting exploitation. Learn how to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities.
Richard Bejtlich
May 23, 2019
Zeek
Is there a ‘Z’ in “Vectra”?
This blog builds on a prior post by discussing why our customers come to us as an enterprise solution to support their Zeek deployments.
Vern Paxson
May 21, 2019
Zeek
Network Security Monitoring, a requirement for Managed Service Providers?
Over the last six months, a variety of MSPs were compromised. In this post, I aim to get a better understanding of those incidents.
Richard Bejtlich
May 21, 2019
Zeek
How Zeek can provide insights despite encrypted communications
This post will outline some methods Zeek employs to provide visibility into SSH connections.
Anthony Kasza
May 7, 2019
Zeek
Zeek is much more than a data format
Last week, a candidate for a role at Corelight explained his motivation for joining the company: “the world is standardizing on Zeek.” Here's why...
Gregory Bell
Apr 24, 2019
Zeek
Mission First, People Always.
I’m Amber Graner, and I’m excited to join Corelight, Inc as the Director of Community for the open source Zeek project.
Amber Graener
Apr 9, 2019
Zeek
Is IPS a feature or a product?
Is IPS a feature or a product? I will present my view on the topic, but I’m more interested in hearing what readers think!
Richard Bejtlich
Apr 2, 2019