Zeek
Introducing RDP Inferences
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Mixed VLAN tags and BPF syntax
This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.
Richard Bejtlich
Aug 27, 2020
Network Security Monitoring
Network Security Monitoring data: Types I, II, and III
This blog post explains three levels of analysis and how encryption has affected NSM, demonstrating that NSM remains relevant, despite encryption.
Richard Bejtlich
Jul 8, 2020
Network Security Monitoring
The election is six months away. Now is the time to instrument election infrastructure.
Richard shared his thoughts on our blog on why the overarching role of the network and election infrastructure is worthy of a deep assessment right...
Richard Bejtlich
May 7, 2020
Network Security Monitoring
Enabling SOHO Network Security Monitoring
Here's how to instrument and enable network security monitoring for a small office – home office (SOHO) environment.
Richard Bejtlich
Apr 8, 2020
Zeek
Using Corelight and Zeek to support remote workers
Security teams would benefit from reviewing their NSM data to ensure that only authorized parties are interacting with their remote work...
Richard Bejtlich
Mar 25, 2020
Zeek
Countering network resident threats
Anyone worrying about detecting and responding to network resident threats would benefit from the data that Corelight provides.
Richard Bejtlich
Feb 20, 2020
Zeek
12 talks to see at RSA 2020
RSA 2020 is fast approaching. The speaker sessions seem to be of high quality overall, but here are the 12 talks you should consider attending.
Richard Bejtlich
Feb 10, 2020
Zeek
Day 1 detection: CVE-2020-0601, a community, and 40 lines of code
On 1-14-2020, the world learned of the vulnerability CVE-2020-0601. This post is about how leveraging the power of the Zeek community can benefit...
Richard Bejtlich
Jan 17, 2020
Network Security Monitoring
No tap? No problem!
This post will discuss four dimensions of not having network taps in place and offer advice on making the best of available visibility options.
Richard Bejtlich
Oct 22, 2019