Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.
Federal CTO Jean Schaffer explores how evidence - not data - is critical to speed defenders’ knowledge and response capabilities.
Organizations often implement a data collection strategy out of fear, collecting everything “just in case.” I challenge the assumption.
We show how enriching Zeek® logs with cloud and container context makes it faster to tie interesting activity to the container or cloud asset...
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
This morning we announced Corelight Investigator, an open NDR platform that enables security teams with next-level evidence. Here is how it works.
In this post, we share simple ways to detect evidence of CVE-2022-22954 in Zeek logs, which can be adapted to other data stores (e.g., a SIEM).
Learn about the attributes of high-quality evidence. What should evidence look like, in order to be useful to defenders when the next security event...