Corelight Bright Ideas Blog

Featured

Modernize threat detection and SOC efficiency with integrated Corelight Threat Intelligence

Enhanced anomaly detection and east-west visibility improve evasive threat detection, reduce false positives, and help SOC teams focus on critical...

Allen Marin Oct 30, 2025

Stories by Richard

Filed Under: Network Security Monitoring

Investigating the effects of TLS 1.3 on Corelight logs, part 3

We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...

Richard Bejtlich Jun 7, 2019

Zeek

Investigating the effects of TLS 1.3 on Corelight logs, part 2

In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.

Richard Bejtlich Jun 3, 2019

Zeek

Investigating the effects of TLS 1.3 on Corelight logs, part 1

In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.

Richard Bejtlich May 29, 2019

Zeek

How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities

CVE-2019-0708 is a serious vulnerability awaiting exploitation. Learn how to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities.

Richard Bejtlich May 23, 2019

Zeek

Network Security Monitoring, a requirement for Managed Service Providers?

Over the last six months, a variety of MSPs were compromised. In this post, I aim to get a better understanding of those incidents.

Richard Bejtlich May 21, 2019

Zeek

Do you know your NSM data types?

Learn about the four NSM data types and the four core functions which one can perform with a passive network visibility platform.

Richard Bejtlich Apr 30, 2019

Zeek

Is IPS a feature or a product?

Is IPS a feature or a product? I will present my view on the topic, but I’m more interested in hearing what readers think!

Richard Bejtlich Apr 2, 2019

Zeek

First, Do No Harm

In this post I examine the statement's relevance and discuss why implementing NSM via passive instrumentation delivers on the promise of the...

Richard Bejtlich Mar 14, 2019

Zeek

Examining aspects of encrypted traffic through Zeek logs

In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.

Richard Bejtlich Feb 19, 2019

< 1 2 3 3 4 >

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response

Corelight Bright Ideas Blog

Modernize threat detection and SOC efficiency with integrated Corelight Threat Intelligence

Stories by Richard

Investigating the effects of TLS 1.3 on Corelight logs, part 3

Investigating the effects of TLS 1.3 on Corelight logs, part 2

Investigating the effects of TLS 1.3 on Corelight logs, part 1

How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities

Network Security Monitoring, a requirement for Managed Service Providers?

Do you know your NSM data types?

Is IPS a feature or a product?

First, Do No Harm

Examining aspects of encrypted traffic through Zeek logs

Have questions?

Sign up for our newsletter

We’re hiring!