In this post, we share simple ways to detect evidence of CVE-2022-22954 in Zeek logs, which can be adapted to other data stores (e.g., a SIEM).
Learn about the attributes of high-quality evidence. What should evidence look like, in order to be useful to defenders when the next security event...
The Corelight Labs team investigates CVE-2022-26809 and open-sources a Zeek package that detects attempts and successful exploitation in unencrypted...
Our new integration with AWS GWLB Endpoint simplifies network traffic monitoring & generates Corelight data in massively scaled-out public cloud...
We demonstrate how the visibility of network traffic passing between pods and containers within the K8s network can be utilized to detect a log4j...
What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure.”
Sniffing and mirroring network traffic from containers can be complicated. This post explores one approach to achieve this by injecting a sniffer...
This post explores the need, different approaches and pros and cons of monitor traffic in Kubernetes environments.
The most sophisticated cyber defense teams in the world have shifted their strategies towards the collection and analysis of high-quality evidence.