Zeek
Introducing RDP Inferences
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
DNS
Beating alert fatigue with integrated data
Corelight data enables immediate SOC improvements. Here's a walkthrough of initial playbooks.
Alex Kirk
Oct 8, 2020
Zeek
Meet the Corelight CTF tournament winners
We hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. Here are the...
John Gamble
Sep 15, 2020
Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Richard Bejtlich
Jul 18, 2019
Zeek
Investigating the effects of TLS 1.3 on Corelight logs, part 2
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
Richard Bejtlich
Jun 3, 2019
Zeek
How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities
CVE-2019-0708 is a serious vulnerability awaiting exploitation. Learn how to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities.
Richard Bejtlich
May 23, 2019
Zeek
Zeek is much more than a data format
Last week, a candidate for a role at Corelight explained his motivation for joining the company: “the world is standardizing on Zeek.” Here's why...
Gregory Bell
Apr 24, 2019
Zeek
Examining aspects of encrypted traffic through Zeek logs
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
Richard Bejtlich
Feb 19, 2019
Zeek
The last BroCon. It’ll be Zeek in 2019!
I’m back in San Francisco after the last ever BroCon! Why the last BroCon? Because the Bro Leadership Team has announced a new name for the project.
Robin Sommer
Nov 5, 2018
Zeek
There’s more to Bro than great network data
In this blog post, find out how Corelight is making it easier to detect threats on your network, and provides even better data to respond to them.
Vince Stoffer
Sep 6, 2018