Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Bring Network Security Monitoring to the cloud with Corelight and Amazon VPC Traffic Mirroring

By John Gamble – June 24, 2019

Corelight Sensors transform network traffic into comprehensive logs, extracted files, and custom insights via Zeek, a powerful, open-source network security monitoring framework used by thousands of organizations worldwide to accelerate incident... Read more »

Hello, my name is??

By Vince Stoffer – June 10, 2019

Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 3

By Richard Bejtlich – June 6, 2019

Introduction Welcome to part 3 of my three-part series on TLS. In the previous two articles I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. I then performed the same transaction using TLS 1.2, and... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 2

By Richard Bejtlich – June 2, 2019

Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. In this article I will perform the same transaction using TLS... Read more »