Corelight Bright Ideas Blog

Featured Post

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of... Read more »

Additional Posts

Mixed VLAN tags and BPF syntax

By Richard Bejtlich – August 26, 2020

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Read more »

Together is faster: Zeek for vulnerabilities

By Gregory Bell – August 17, 2020

“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft) Read more »

NDR for AWS Well-Architected

By Roger Cheeks – August 5, 2020

Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon – July 27, 2020

Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Read more »

Corelight Splunk App update: New dashboard and data

By Roger Cheeks – July 19, 2020

In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA). Both software packages are available on Splunkbase. The... Read more »

Network Security Monitoring data: Types I, II, and III

By Richard Bejtlich – July 7, 2020

Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and analyzed by computer incident response teams (CIRTs) that... Read more »

Ripple20 Zeek package open sourced

By Ben Reardon – June 29, 2020

Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of... Read more »

Zeek & Sigma: Fully compatible for cross-SIEM detections

By Alex Kirk – June 24, 2020

Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

DNS over TLS and DNS over HTTPS

By Jamie Brim – June 17, 2020

In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). Read more »

Chocolate and peanut butter, Zeek and Suricata

By Brian Dye – June 15, 2020

Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

Additional Posts

Mixed VLAN tags and BPF syntax

Together is faster: Zeek for vulnerabilities

NDR for AWS Well-Architected

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

Corelight Splunk App update: New dashboard and data

Network Security Monitoring data: Types I, II, and III

Ripple20 Zeek package open sourced

Zeek & Sigma: Fully compatible for cross-SIEM detections

DNS over TLS and DNS over HTTPS

Chocolate and peanut butter, Zeek and Suricata

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!