Enriching NDR logs with context
We show how enriching Zeek® logs with cloud and container context makes it faster to tie interesting activity to the container or cloud asset...
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
This morning we announced Corelight Investigator, an open NDR platform that enables security teams with next-level evidence. Here is how it works.
Learn about the attributes of high-quality evidence. What should evidence look like, in order to be useful to defenders when the next security event...
What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure.”
Sniffing and mirroring network traffic from containers can be complicated. This post explores one approach to achieve this by injecting a sniffer...
Our new collaboration with CrowdStrike and Humio allows our customers and the community to experience the value of evidence.
This post explores the need for monitoring traffic in Kubernetes environments, the different approaches, and their pros and cons.