Zeek
Introducing RDP Inferences
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Detecting SUNBURST/Solarigate activity in retrospect with Zeek
Learn how you can use Zeek to detect this level of cunning evasion tactics in your own retrospective hunts and forensic investigations.
Ben Reardon
Dec 22, 2020
Partnership
Corelight Splunk App update: New dashboard and data
We are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA).
Roger Cheeks
Jul 20, 2020
Zeek
The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection
We are excited to announce the expansion of our ETC. In this post, I will provide some further details and what the research team is working on next!
Vince Stoffer
Jun 16, 2020
Zeek
Light in the darkness: New Corelight Encrypted Traffic Collection
Version 18 of our software features the Encrypted Traffic Collection which focuses on SSH, SSL/TLS certificates and insights into encrypted network...
Vince Stoffer
Nov 20, 2019
Corelight Labs
Introducing the Corelight SSH Inference package
The SSH Inference package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.
Anthony Kasza
Nov 19, 2019
Industry
The sun sets on TLS 1.0
The major web browsers announced their intent to disable support for TLS 1.0 and TLS 1.1 in 2020. What does this mean, and what are the consequences?
Johanna Amann
Sep 16, 2019
Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Richard Bejtlich
Jul 18, 2019
Filed Under: Network Security Monitoring
Investigating the effects of TLS 1.3 on Corelight logs, part 3
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
Richard Bejtlich
Jun 7, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019