Zeek
Zeek on Windows
A recap of the open-source work since the beginning of the Zeek collaboration with Microsoft. Originally posted on Zeek.org on Nov. 28, 2022.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
New position brings new open source opportunities
Dr. Kelley Misata shares her thoughts on why she is excited to join Corelight to lead open source and the new opportunities this role will bring.
Kelley Misata
Oct 12, 2022
Zeek
What makes evidence uniquely valuable?
Learn about the attributes of high-quality evidence. What should evidence look like, in order to be useful to defenders when the next security event...
Gregory Bell
May 18, 2022
Zeek
World’s first 100G Zeek sensor
As we finished rolling out our v21 software release, I was reminded of when I’d first read the 2015 “100G Intrusion Detection” paper written at...
Sarah Banks
May 24, 2021
Arch
Tracking down a glibc regression
We’d just upgraded our glibc package from 2.32 to 2.33, when we noticed some peculiar behavior. Here's how we tracked down a glibc regression.
Justin Azoff
May 13, 2021
Zeek
Detecting Zerologon (CVE-2020-1472) with Zeek
To assist in detecting Zerologon (CVE-2020-1472), we’ve open sourced a Zeek package that detects both attempted and successful exploits.
Yacin Nadji
Sep 16, 2020
Zeek
Meet the Corelight CTF tournament winners
We hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. Here are the...
John Gamble
Sep 15, 2020
Zeek
Together is faster: Zeek for vulnerabilities
I love this quote by John Lambert. It perfectly describes the impact network defenders can achieve by pooling resources, insights, and techniques.
Gregory Bell
Aug 18, 2020
Zeek
Ripple20 Zeek package open sourced
Today we are open sourcing a Zeek package that passively detects the presence of some of the tell-tale signs that Treck devices can exhibit.
Ben Reardon
Jun 30, 2020
Zeek
Detecting GnuTLS CVE-2020-13777 using Zeek
Find a technical description of the bug, how it can be detected in network traffic, and how a short Zeek script can detect vulnerable servers.
Johanna Amann
Jun 11, 2020