Detecting CVE-2022-26937 with Zeek
This post shows how a Microsoft NFS exploit (CVE-2022-26937) can be detected using Zeek.
This morning we announced Corelight Investigator, an open NDR platform that enables security teams with next-level evidence. Here is how it works.
In this post, we share simple ways to detect evidence of CVE-2022-22954 in Zeek logs, which can be adapted to other data stores (e.g., a SIEM).
Learn about the attributes of high-quality evidence. What should evidence look like, in order to be useful to defenders when the next security event...
The Corelight Labs team investigates CVE-2022-26809 and open-sources a Zeek package that detects attempts and successful exploitation in unencrypted...
Our new integration with AWS GWLB Endpoint simplifies network traffic monitoring & generates Corelight data in massively scaled-out public cloud...
We demonstrate how the visibility of network traffic passing between pods and containers within the K8s network can be utilized to detect a log4j...
What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure.”
Sniffing and mirroring network traffic from containers can be complicated. This post explores one approach to achieve this by injecting a sniffer...