Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

By Richard Bejtlich – January 16, 2020

On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

Is there a ‘Z’ in “Vectra”?

By Vern Paxson – May 20, 2019

Having worked on Zeek (Bro) for well over two decades now, it’s hugely gratifying – and frankly still somewhat amazing – to see how widely it is used in today’s enterprises. Zeek’s real-time analysis capabilities, extensible scripting,... Read more »

How Zeek can provide insights despite encrypted communications

By Anthony Kasza – May 6, 2019

Overview Encrypted communications are ubiquitous. While encryption provides confidentiality, it cannot prevent all means of traffic analysis. Certain protocols, such as SSH and TLS, ensure contents are not directly readable by monitoring systems.... Read more »

Zeek is much more than a data format

By Gregory Bell – April 23, 2019

Last week, a candidate for a senior role at Corelight explained his motivation for joining the company this way: “the world is standardizing on Zeek.” Read more »

Corelight: #winning in Network Security

By Alan Saldich – March 4, 2019

2018 was undoubtedly a banner year for Corelight. We closed out 2018 with many successes under our belt that reflect the hard work of our people: We more than quadrupled our sales year-over-year and more than doubled our customer base and employee... Read more »

Corelight: a recipe I couldn’t refuse

By Joy Bonaguro – September 25, 2018

It’s hard to beat a mission like transforming government for the 21st Century. That’s what I’ve been doing for more or less my entire professional life. From building information systems in New Orleans both before and after Hurricane Katrina in 2005... Read more »

There’s more to Bro than great network data

By Vince Stoffer – September 5, 2018

Corelight recently released our 1.15 software update which includes some fantastic new features, including our first group of curated Bro Packages which we’re calling the “Core Collection.” In this blog post, I’ll tell you a bit more about how... Read more »

Corelight’s recent contributions to open-source Bro

By Robin Sommer – August 8, 2018

When we founded Corelight in 2013, one of our goals was to build an organization that could sustain open-source Bro development long term. At that time, the core team behind Bro was still funded primarily through grants from the National Science... Read more »

Databricks + Corelight – A powerful combination for cybersecurity, incident response and threat hunting

By Alan Saldich – July 16, 2018

Incident response, threat hunting and cybersecurity in general relies on great data. Just like the rest of the world where virtually everything these days is data-driven, from self-driving cars to personalized medicine, effective security strategies... Read more »

How we decide what Bro capabilities to include in our Sensor

By Seth Hall – April 4, 2018

We started Corelight to bring the power of Bro network monitoring to an audience that is interested in security, stability, and long-term sustainability. Even though we created and built Bro over the last 20 years, when we developed our commercial... Read more »