How Zeek can provide insights despite encrypted communications
This post will outline some methods Zeek employs to provide visibility into SSH connections.
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result.
With Corelight’s 1.15 release, we help figure out the host names associated with an IP address in prior network activity. Here's how it works.
In this blog post, find out how Corelight is making it easier to detect threats on your network and providing even better data to respond to them.
I want to take the opportunity here to talk about a few of our more recent contributions to open-source Zeek (formerly Bro).
In previous projects, I’ve tackled some needle-in-haystack problems. From these efforts, several high-level themes have emerged.
Zeek (formerly Bro) generates real-time data about network flows. But it can do a lot more, and in this blog series, we’ll highlight lesser-known...