Zeek
Detecting SUNBURST/Solarigate activity in retrospect with Zeek
Learn how you can use Zeek to detect this level of cunning evasion tactics in your own retrospective hunts and forensic investigations.
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
Zeek
Small, fast and easy. Pick any three.
Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Today, we are excited to announce the Software...
Seth Hall
Nov 18, 2020
Zeek
DNS over TLS and DNS over HTTPS
In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). Before examining DoT and DoH, it’s important to take a quick look at DNS...
Jamie Brim
Jun 18, 2020
Zeek
Detecting GnuTLS CVE-2020-13777 using Zeek
Find a technical description of the bug, how it can be detected in network traffic, and how a short Zeek script can detect vulnerable servers.
Johanna Amann
Jun 11, 2020
Zeek
Analyzing encrypted RDP connections
Open source Zeek is capable of analyzing RDP connections and does a fantastic job handling the many options and configurations the RDP protocol...
Anthony Kasza
May 13, 2020
Zeek
Light in the darkness: New Corelight Encrypted Traffic Collection
Version 18 of our software features the Encrypted Traffic Collection which focuses on SSH, SSL/TLS certificates and insights into encrypted network...
Vince Stoffer
Nov 20, 2019
Zeek
A network engineer in a Zeek Week world
I’m seven months into a new job here at Corelight as a product manager, and I’m still as excited about Zeek as I was last month about Zeek Week....
Sarah Banks
Nov 5, 2019
Network Security Monitoring
Using Corelight to monitor and identify exploited VPNs
Network and security devices operate with vulnerabilities that can be exploited. Here's how to use Corelight to monitor and identify exploited VPNs.
Richard Bejtlich
Oct 2, 2019
Industry
The sun sets on TLS 1.0
The major web browsers announced their intent to disable support for TLS 1.0 and TLS 1.1 in 2020. What does this mean, and what are the consequences?
Johanna Amann
Sep 16, 2019
Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Richard Bejtlich
Jul 18, 2019