Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Corelight
Hello, my name is??
Corelight just released our v17 software. Here are the details about how these new features can enhance your data, speed up your IR workflow, and...
Vince Stoffer
Jun 11, 2019
Filed Under: Network Security Monitoring
Investigating the effects of TLS 1.3 on Corelight logs, part 3
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
Richard Bejtlich
Jun 7, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 1
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.
Richard Bejtlich
May 29, 2019
Zeek
Examining aspects of encrypted traffic through Zeek logs
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
Richard Bejtlich
Feb 19, 2019
Zeek
Network security monitoring is dead, and encryption killed it.
This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result.
Richard Bejtlich
Jan 29, 2019
Zeek
The last BroCon. It’ll be Zeek in 2019!
I’m back in San Francisco after the last ever BroCon! Why the last BroCon? Because the Bro Leadership Team has announced a new name for the project.
Robin Sommer
Nov 5, 2018
Zeek
Log enrichment with DNS host names
With Corelight’s 1.15 release, we help figure out the host names associated with an IP address in prior network activity. Here's how it works.
Christian Kreibich
Oct 25, 2018
Zeek
Databricks + Corelight – A powerful combination for cybersecurity, incident response and threat hunting
Here's why Databricks plus Corelight is a powerful combination for cybersecurity, incident response and threat hunting.
Alan Saldich
Jul 17, 2018