Http

Examining aspects of encrypted traffic through Zeek logs

In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a middlebox), you have to abandon direct inspection of HTTP payloads... Read more »

Network security monitoring is dead, and encryption killed it.

This post is part of a multi-part series on encryption and network security monitoring. This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result. I’ve been hearing... Read more »

Log enrichment with DNS host names

One of the first tasks for any incident responder when looking at network logs is to figure out the host names that were associated with an IP address in prior network activity. With Corelight’s 1.15 release we help automate the process and I would... Read more »

There’s more to Bro than great network data

Corelight recently released our 1.15 software update which includes some fantastic new features, including our first group of curated Bro Packages which we’re calling the “Core Collection.” In this blog post, I’ll tell you a bit more about how... Read more »

Corelight’s recent contributions to open-source Bro

When we founded Corelight in 2013, one of our goals was to build an organization that could sustain open-source Bro development long term. At that time, the core team behind Bro was still funded primarily through grants from the National Science... Read more »

Finding Very Damaging Needles in Very Large Haystacks

Some of the most costly security compromises that enterprises suffer manifest as tiny trickles of behavior hidden within an ocean of other site activity. Finding such incidents, and unraveling their full scope once detected, requires far-ranging... Read more »

Another cool thing about Bro: tracking files!

You probably know that Bro generates real-time data about network flows, highly valued by threat hunters & incident responders around the world. But Bro can do a lot more, and in this blog series, we’ll highlight lesser-known features from time to... Read more »