The best cybersecurity defense is great evidence
Federal CTO Jean Schaffer explores how evidence - not data - is critical to speed defenders’ knowledge and response capabilities.
We show how enriching Zeek® logs with cloud and container context makes it faster to tie interesting activity to the container or cloud asset...
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
This morning we announced Corelight Investigator, an open NDR platform that enables security teams with next-level evidence. Here is how it works.
Learn about the attributes of high-quality evidence. What should evidence look like, in order to be useful to defenders when the next security event...
What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure.”
Sniffing and mirroring network traffic from containers can be complicated. This post explores one approach to achieve this by injecting a sniffer...
Our new collaboration with CrowdStrike and Humio allows our customers and the community to experience the value of evidence.