Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

By Richard Bejtlich – January 16, 2020

On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

A network engineer in a Zeek Week world

By Sarah Banks – November 4, 2019

With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

Is there a ‘Z’ in “Vectra”?

By Vern Paxson – May 20, 2019

Having worked on Zeek (Bro) for well over two decades now, it’s hugely gratifying – and frankly still somewhat amazing – to see how widely it is used in today’s enterprises. Zeek’s real-time analysis capabilities, extensible scripting,... Read more »

Zeek is much more than a data format

By Gregory Bell – April 23, 2019

Last week, a candidate for a senior role at Corelight explained his motivation for joining the company this way: “the world is standardizing on Zeek.” Read more »

Mission First, People Always.

By Amber Graener – April 8, 2019

I’d like to take a moment and introduce myself. I’m Amber Graner, and I’m excited to join Corelight, Inc as the Director of Community for the Zeek project. Read more »

The last BroCon. It’ll be Zeek in 2019!

By Robin Sommer – November 4, 2018

I’m back in San Francisco after the last ever BroCon! Why the last BroCon? Because the Bro Leadership Team has announced a new name for the project. After two years of discussion, no shortage of suggestions, and a final shortlist going through legal... Read more »

Corelight’s recent contributions to open-source Bro

By Robin Sommer – August 8, 2018

When we founded Corelight in 2013, one of our goals was to build an organization that could sustain open-source Bro development long term. At that time, the core team behind Bro was still funded primarily through grants from the National Science... Read more »

That’s a Wrap! The Bay Area’s First Open-Source Bro Meetup

By John Gamble – January 17, 2018

Last Tuesday Corelight hosted the Bay Area’s first meetup for the open-source Bro network security monitor and we saw a great turnout of Bro fanatics and first-timers alike at our San Francisco headquarters. Read more »

What’s the riskiest part of your Bro deployment? It may be you.

By Seth Hall – August 15, 2017

Don’t overlook the obvious: the answer may be you Let me explain, because I’ve watched the following story unfold many times. A curious person gets super excited about Bro, deploys it widely in their organization, and makes a big impact on the local... Read more »