Get Started

          Network Visibility

          Chocolate and peanut butter, Zeek and Suricata

          Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

          The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

          With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a reminder it’s a collection of security insights around SSL/TLS and SSH... Read more »

          Detecting GnuTLS CVE-2020-13777 using Zeek

          CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

          Watch over DNS traffic with Corelight and Splunk

          Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

          The high ground

          Introducing Corelight’s new story + the value of NTA Read more »

          12 talks to see at RSA 2020

          RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

          Corelight ECS mapping: Unified Zeek data for more efficient analytics

          In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

          Light in the darkness: New Corelight Encrypted Traffic Collection

          This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

          New Corelight app for Splunk: Making network-based threat hunting easier

          Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

          A network engineer in a Zeek Week world

          With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

          Search

            Recent Posts