Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Light in the darkness: New Corelight Encrypted Traffic Collection

By Vince Stoffer – November 19, 2019

This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

New Corelight app for Splunk: Making network-based threat hunting easier

By Ed Smith – November 18, 2019

Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

A network engineer in a Zeek Week world

By Sarah Banks – November 4, 2019

With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

No tap? No problem!

By Richard Bejtlich – October 21, 2019

Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »

Using Corelight to monitor and identify exploited VPNs

By Richard Bejtlich – October 1, 2019

Network and security infrastructure, such as routers, switches, firewalls, virtual private network concentrators, and other equipment, are designed to provide a stable and secure communications experience for client and server computers and their... Read more »

An attack or just a game? Corelight can help you tell the difference quickly

By Richard Bejtlich – September 11, 2019

When we think about using Corelight data, our mental models often fixate on finding evidence of suspicious and malicious activity. This makes sense, as network security monitoring data generated by Corelight and Zeek combines the granularity of... Read more »

Don’t delay – Corelight today!

By Richard Bejtlich – July 31, 2019

Introduction Recently I heard that a company interested in Corelight was considering delaying their evaluation because of questions about SIEM technology. They currently have two SIEMs and are evaluating a third, possibly to replace the first two.... Read more »

What did I just see? Detection, inference, and identification

By Richard Bejtlich – July 29, 2019

In the course of my network security monitoring work at Corelight, I’ve encountered the terms detection, inference, and identification. In this post I will examine what these terms mean, and how they can help you describe the work you do when... Read more »

Profiling Whonix

By Richard Bejtlich – July 17, 2019

Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize... Read more »

Bring Network Security Monitoring to the cloud with Corelight and Amazon VPC Traffic Mirroring

By John Gamble – June 24, 2019

Corelight Sensors transform network traffic into comprehensive logs, extracted files, and custom insights via Zeek, a powerful, open-source network security monitoring framework used by thousands of organizations worldwide to accelerate incident... Read more »