Corelight Bright Ideas Blog

Network Visibility

The high ground

Introducing Corelight’s new story + the value of NTA Read more »

12 talks to see at RSA 2020

RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

Corelight ECS mapping: Unified Zeek data for more efficient analytics

In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

Light in the darkness: New Corelight Encrypted Traffic Collection

This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

New Corelight app for Splunk: Making network-based threat hunting easier

Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

A network engineer in a Zeek Week world

With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

No tap? No problem!

Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »

An attack or just a game? Corelight can help you tell the difference quickly

When we think about using Corelight data, our mental models often fixate on finding evidence of suspicious and malicious activity. This makes sense, as network security monitoring data generated by Corelight and Zeek combines the granularity of... Read more »

First, Do No Harm

When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does not actually appear in the Greek, and that the origins are more... Read more »

How Bro logs gave one company better DNS traffic visibility than their DNS servers

Bro provides enriched network visibility for top organizations around the world, and there are many use cases for Bro logs.   The security field uses Bro data for incident response and cyber threat hunting. But Bro log use cases don’t always have to... Read more »

Search

    Recent Posts