network detection response
Explore Corelight evidence in Humio Community Edition
Our new collaboration with CrowdStrike and Humio allows our customers and the community to experience the value of evidence.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Detecting CVE-2021-31166 – HTTP vulnerability
In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability.
Ben Reardon
May 27, 2021
Zeek
Finding SUNBURST backdoor with Zeek logs & Corelight
FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform.
John Gamble
Dec 15, 2020
Zeek
Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
We’ve just open sourced a Zeek package that detects exploit attempts and successes. This package demonstrates a couple of aspects that are worth...
Ben Reardon
Jul 28, 2020
Zeek
Chocolate and peanut butter, Zeek and Suricata
We are proud to announce that in our v19 software release we have delivered a sensor that combines and integrates Zeek and Suricata with three key...
Brian Dye
Jun 16, 2020
Zeek
Detecting the new CallStranger UPnP vulnerability with Zeek
By allowing the attacker to essentially force a connection to an arbitrary URL, CallStranger can be used in these three key ways.
Ryan Victory
Jun 10, 2020
Filed Under: Network Security Monitoring
Investigating the effects of TLS 1.3 on Corelight logs, part 3
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
Richard Bejtlich
Jun 7, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 1
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.
Richard Bejtlich
May 29, 2019
Zeek
How Zeek can provide insights despite encrypted communications
This post will outline some methods Zeek employs to provide visibility into SSH connections.
Anthony Kasza
May 7, 2019