Get Started

          Network Traffic Analysis

          Zeek & Sigma: Fully compatible for cross-SIEM detections

          Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

          DNS over TLS and DNS over HTTPS

          In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH).  Read more »

          Chocolate and peanut butter, Zeek and Suricata

          Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

          The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

          With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a reminder it’s a collection of security insights around SSL/TLS and SSH... Read more »

          Detecting GnuTLS CVE-2020-13777 using Zeek

          CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

          Detecting the new CallStranger UPnP vulnerability with Zeek

          On June 8, Yunus Çadırcı, a cybersecurity senior manager at EY Turkey released a whitepaper and proof of concept code repository for a newly discovered vulnerability in the Universal Plug and Play (UPnP) protocol. UPnP is widely used in intranets to... Read more »

          Enabling SOHO Network Security Monitoring

           One of the most popular and regularly occurring questions I see in network security monitoring forums involves how to instrument a small office – home office (SOHO) environment. There are ways to accomplish this goal. For example, I instrument my... Read more »

          Watch over DNS traffic with Corelight and Splunk

          Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

          Using Corelight and Zeek to support remote workers

          Due to the tragic Covid-19 pandemic, as we are all experiencing first hand, most governments and health officials are either mandating or encouraging those who can work from home to do so, as part of widespread “social distancing” measures. Remote... Read more »

          The high ground

          Introducing Corelight’s new story + the value of NTA Read more »

          Search

            Recent Posts