Introducing RDP Inferences
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
Corelight data enables immediate SOC improvements. Here's a walkthrough of initial playbooks.
We hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. Here are the...
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
CVE-2019-0708 is a serious vulnerability awaiting exploitation. Learn how to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities.
Last week, a candidate for a role at Corelight explained his motivation for joining the company: “the world is standardizing on Zeek.” Here's why...
In this post I will use Zeek logs to demonstrate alternative ways to analyze encrypted HTTP traffic.
I’m back in San Francisco after the last ever BroCon! Why the last BroCon? Because the Bro Leadership Team has announced a new name for the project.