Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Community ID support for Wireshark

By Christian Kreibich – October 6, 2020

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »

Give me my stats!

By Keith J. Jones – September 20, 2020

I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a continually running environment with real, and often unpredictable, network data. If you add to that other packages... Read more »

Zeek & Sigma: Fully compatible for cross-SIEM detections

By Alex Kirk – June 24, 2020

Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »