Another cool thing about Bro: SMB analysis!
Bro’s SMB protocol analyzer has undergone several iterations, and it is now a built-in feature that many Bro users might have overlooked.
When we developed our commercial product we made some design decisions that make running the Corelight Sensor slightly different from running...
The Corelight for Splunk app is now available! Using the new app you can now monitor the health and performance of Corelight Sensors in Splunk and...
I’ve enjoyed meeting many companies and leaders in the Bay Area. The best was with Corelight (where I recently joined as their chief product officer).
Redefs allow the re-definition of already defined constants in Bro. This is often done in local.bro. To modify Site::local_net, use code similar to...
Corelight hosted the Bay Area’s first meetup for the open-source Bro network security monitor; we saw a great turnout of fanatics and first-timers.
To us, extensibility is not an afterthought that we try to tuck on in a few release cycles. It permeates the way we think about network monitoring.
Find recent bulletins from Corelight.
In previous projects, I’ve tackled some needle-in-haystack problems. From these efforts, several high-level themes have emerged.