Zeek
Profiling Whonix
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
With Corelight’s 1.15 release, we help figure out the host names associated with an IP address in prior network activity. Here's how it works.
Discover how Zeek (formerly Bro) logs gave one company better DNS traffic visibility than their DNS servers.