Introducing RDP Inferences
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
Open source Zeek is capable of analyzing RDP connections and does a fantastic job handling the many options and configurations the RDP protocol...
Here's a simple prototype script which identifies CVE-2019-19521 within SSH connections.
The SSH Inference package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.
This post will outline some methods Zeek employs to provide visibility into SSH connections.