Zeek
Detecting 5 current APTs without heavy lifting
Corelight Labs looks at three APT toolsets that have been linked to five threat actors, detecting each using relatively simple search logic.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
World’s first 100G Zeek sensor
As we finished rolling out our v21 software release, I was reminded of when I’d first read the 2015 “100G Intrusion Detection” paper written at...
Sarah Banks
May 24, 2021
Zeek
C2 detections, RDP insights and NDR at 100G
I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections,...
John Gamble
May 18, 2021
Zeek
Introducing the C2 Collection and RDP inferences
We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software.
Vince Stoffer
May 18, 2021
Zeek
Extending NDR visibility in AWS IaaS
Visibility is challenging in a cloud environment. Security teams have long relied on network monitoring to complement application level visibility.
Vijit Nair
Apr 8, 2021
Product
Exchange exploitation and architecting for visibility
The new Microsoft Exchange vulnerabilities disclosed earlier this month highlight the importance of architecting for security visibility on the...
Alex Kirk
Mar 16, 2021
MITRE ATT&CK
Translating query into action
Sigma is an open-source project that provides a generic signature format for SIEMs. Here are the benefits of Sigma, and how to get these threat...
Vince Stoffer
Mar 15, 2021
Zeek
Small, fast and easy. Pick any three.
Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Today, we are excited to announce the Software...
Seth Hall
Nov 18, 2020
Zeek
Community ID support for Wireshark
The past few weeks have seen several developments around Community ID and support for Wireshark. I’d like to summarize them in this blog post.
Christian Kreibich
Oct 7, 2020
Partnership
NDR for AWS Well-Architected
Corelight can improve operational excellence, performance, reliability, cost effectiveness, and security results in the AWS cloud.
Roger Cheeks
Aug 6, 2020