This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.
I love this quote by John Lambert. It perfectly describes the impact network defenders can achieve by pooling resources, insights, and techniques.
Corelight can improve operational excellence, performance, reliability, cost effectiveness, and security results in the AWS cloud.
We’ve just open sourced a Zeek package that detects exploit attempts and successes. This package demonstrates a couple of aspects that are worth...
We are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA).
This blog post explains three levels of analysis and how encryption has affected NSM, demonstrating that NSM remains relevant, despite encryption.
Today we are open sourcing a Zeek package that passively detects the presence of some of the tell-tale signs that Treck devices can exhibit.
Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma.
In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). Before examining DoT and DoH, it’s important to take a quick look at DNS...