
          Network Security

          CrowdStrike + Corelight partner to reach new heights

          Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alerts and network evidence. In addition, by... Read more »

          Community ID support for Wireshark

          The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »

          Mixed VLAN tags and BPF syntax

          This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Read more »

          Zeek & Sigma: Fully compatible for cross-SIEM detections

          Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

          Chocolate and peanut butter, Zeek and Suricata

          Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

          Detecting GnuTLS CVE-2020-13777 using Zeek

          CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

          Detecting the new CallStranger UPnP vulnerability with Zeek

          On June 8, Yunus Çadırcı, a cybersecurity senior manager at EY Turkey released a whitepaper and proof of concept code repository for a newly discovered vulnerability in the Universal Plug and Play (UPnP) protocol. UPnP is widely used in intranets to... Read more »

          The high ground

          Introducing Corelight’s new story + the value of NTA Read more »

          Corelight ECS mapping: Unified Zeek data for more efficient analytics

          In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

          New Corelight app for Splunk: Making network-based threat hunting easier

          Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »
