Get Started

          Bro

          Profiling Whonix

          Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize... Read more »

          Investigating the effects of TLS 1.3 on Corelight logs, part 2

          Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. In this article I will perform the same transaction using TLS... Read more »

          Investigating the effects of TLS 1.3 on Corelight logs, part 1

          Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over clear-text HTTP, TLS 1.2, and TLS 1.3. In this first of three... Read more »

          How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities

          Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop offered with most Windows operating system platforms. This... Read more »

          Network Security Monitoring, a requirement for Managed Service Providers?

          Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some examples: Read more »

          Is there a ‘Z’ in “Vectra”?

          Having worked on Zeek (Bro) for well over two decades now, it’s hugely gratifying – and frankly still somewhat amazing – to see how widely it is used in today’s enterprises. Zeek’s real-time analysis capabilities, extensible scripting,... Read more »

          How Zeek can provide insights despite encrypted communications

          Overview Encrypted communications are ubiquitous. While encryption provides confidentiality, it cannot prevent all means of traffic analysis. Certain protocols, such as SSH and TLS, ensure contents are not directly readable by monitoring systems.... Read more »

          Zeek is much more than a data format

          Last week, a candidate for a senior role at Corelight explained his motivation for joining the company this way: “the world is standardizing on Zeek.”   Read more »

          Mission First, People Always.

          I’d like to take a moment and introduce myself.  I’m Amber Graner, and I’m excited to join Corelight, Inc as the Director of Community for the open source Zeek project.   Read more »

          Is IPS a feature or a product?

          This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the topic, but I’m more interested in hearing what readers think! Read more »

          Search

            Recent Posts