network visibility
It’s Typhoon Season: Attackers are deliberately evading EDR. What can you do about it?
Learn how network visibility and detection are critical to closing security gaps and detecting these attacks.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Key takeaways from RSA 2023: #BetterTogether and AI in security
Whether or not you made it to RSA 2023, check out this blog to learn about key themes from this year’s conference.
Ed Smith
May 8, 2023
Zeek
New Sliver C2 Detection Released - Redteam detected
Corelight announces the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework.
Corelight Labs Team
May 4, 2023
network visibility
“Easy” button for cloud NDR visibility
Corelight's SaaS offering for AWS removes the heavy lift of managing a vital security tool but maintains visibility needed to keep cloud deployments...
Todd Morneau
Oct 18, 2022
Federal
BOD 23-01: Better visibility to reduce risk
Corelight Federal CTO Jean Schaffer on how validating what asset management and vulnerability detection practices are producing is vital for BOD...
Jean Schaffer
Oct 10, 2022
Corelight Labs
Detecting the Manjusaka C2 framework
In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.
Corelight Labs Team
Sep 29, 2022
Zeek
Detecting CVE-2022-30216: Windows Server Service Tampering
Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.
Tillson Galloway
Aug 9, 2022
network detection response
Corelight Investigator accelerates threat hunting
This morning we announced Corelight Investigator, an open NDR platform that enables security teams with next-level evidence. Here is how it works.
Nick Hunter
May 25, 2022
Zeek
Finding CVE-2022-22954 with Zeek
In this post, we share simple ways to detect evidence of CVE-2022-22954 in Zeek logs, which can be adapted to other data stores (e.g., a SIEM).
Corelight Labs Team
May 20, 2022
Zeek
Spotting Log4j traffic in Kubernetes environments
We demonstrate how the visibility of network traffic passing between pods and containers within the K8s network can be utilized to detect a log4j...
Stan Kiefer
May 10, 2022