Partners
          Get Started
          Get Started

          Corelight Bright Ideas Blog

          Mitre

          The evidence bank: leveraging security's most valuable asset

          By Bernard Brantley – June 30, 2022

          Editor's note: This is the fourth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

          Don’t trust. Verify with evidence.

          By Brian Dye – April 7, 2022

          Editor's note: This is the first in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. What matters most in a criminal trial? Evidence. Everything depends on the quality and depth of... Read more »

          Detecting Log4j exploits via Zeek when Java downloads Java

          By Corelight Labs Team – December 18, 2021

          We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP.  Today, we will discuss a third detection method, this one focused on the... Read more »

          Detecting Log4j via Zeek & LDAP traffic

          By Corelight Labs Team – December 16, 2021

          We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP.... Read more »

          Simplifying detection of Log4Shell

          Simplifying detection of Log4Shell

          By Corelight Labs Team – December 14, 2021

          Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the... Read more »

          Introducing the Corelight SSH Inference package

          By Anthony Kasza – November 18, 2019

          Corelight has recently released a new package, focusing on SSH inferences, as part of our Encrypted Traffic Collection. The package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.... Read more »

          A network engineer in a Zeek Week world

          By Sarah Banks – November 4, 2019

          With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

          Hello, my name is??

          By Vince Stoffer – June 10, 2019

          Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

          Search

            Recent Posts

            Categories

            See all

            Archives

            See all

            Authors

            See all