Corelight Bright Ideas Blog

Featured

Modernize threat detection and SOC efficiency with integrated Corelight Threat Intelligence

Enhanced anomaly detection and east-west visibility improve evasive threat detection, reduce false positives, and help SOC teams focus on critical...

Allen Marin Oct 30, 2025

All
Zeek
Network Security Monitoring
featured
network security
NDR
Corelight
network detection response
cybersecurity
network traffic analysis
SOC
Bro
network visibility
Corelight Labs
Richard Bejtlich
SIEM
Product
open source
Announcements
threat hunting
Suricata
Splunk
DNS
Industry
PCAP
TLS
BlackHat
open source community
Corelight Sensor
NSM
Partnership
HTTP
MITRE ATT&CK
GitHub
Incident response
Zeek Logs
encrypted traffic
network evidence
SSH
microsoft
encrypted traffic collection
Detection
JSON
command and control
encryption
ja3
AWS
HTTPS
IDS
SSL
conn.log

network detection response

Detecting Log4j exploits via Zeek when Java downloads Java

The blog covers a third log4j detection method, this one focused on the second-stage download that happens after the first stage completes.

Corelight Labs Team Dec 18, 2021

network detection response

Detecting Log4j via Zeek & LDAP traffic

We recently discussed some methods for detecting the Log4j exploit, and we’ve developed another method that one running Zeek® or a Corelight sensor...

Corelight Labs Team Dec 17, 2021

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response

Corelight Bright Ideas Blog

Modernize threat detection and SOC efficiency with integrated Corelight Threat Intelligence

Detecting Log4j exploits via Zeek when Java downloads Java

Detecting Log4j via Zeek & LDAP traffic

Have questions?

Sign up for our newsletter

We’re hiring!