Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

By Vince Stoffer – June 15, 2020

With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a reminder it’s a collection of security insights around SSL/TLS and SSH... Read more »

Detecting OpenBSD CVE-2019-19521 SSH exploit attempts

By Anthony Kasza – December 5, 2019

On December 4, Qualys released a security advisory for an authentication bypass vulnerability in OpenBSD, CVE-2019-19521. The vulnerability affects multiple services in OpenBSD including smtpd, sshd, ldapd, and radiusd. This immediately caught our... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 1

By Richard Bejtlich – May 28, 2019

Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over clear-text HTTP, TLS 1.2, and TLS 1.3. In this first of three... Read more »