network detection response
Explore Corelight evidence in Humio Community Edition
Our new collaboration with CrowdStrike and Humio allows our customers and the community to experience the value of evidence.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Extending NDR visibility in AWS IaaS
Visibility is challenging in a cloud environment. Security teams have long relied on network monitoring to complement application level visibility.
Vijit Nair
Apr 8, 2021
Partnership
Corelight Splunk App update: New dashboard and data
We are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA).
Roger Cheeks
Jul 20, 2020
Zeek
The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection
We are excited to announce the expansion of our ETC. In this post, I will provide some further details and what the research team is working on next!
Vince Stoffer
Jun 16, 2020
Zeek
Analyzing encrypted RDP connections
Open source Zeek is capable of analyzing RDP connections and does a fantastic job handling the many options and configurations the RDP protocol...
Anthony Kasza
May 13, 2020
Zeek
Detecting OpenBSD CVE-2019-19521 SSH exploit attempts
Here's a simple prototype script which identifies CVE-2019-19521 within SSH connections.
Anthony Kasza
Dec 6, 2019
Zeek
Light in the darkness: New Corelight Encrypted Traffic Collection
Version 18 of our software features the Encrypted Traffic Collection which focuses on SSH, SSL/TLS certificates and insights into encrypted network...
Vince Stoffer
Nov 20, 2019
Corelight Labs
Introducing the Corelight SSH Inference package
The SSH Inference package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.
Anthony Kasza
Nov 19, 2019
Zeek
Don’t delay – Corelight today!
While I have used log collection and SIEM platforms to review Zeek transaction logs, it is not necessary to wait for a SIEM before collecting...
Richard Bejtlich
Aug 1, 2019
Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Richard Bejtlich
Jul 18, 2019