Tls

Investigating the effects of TLS 1.3 on Corelight logs, part 3

Introduction Welcome to part 3 of my three-part series on TLS. In the previous two articles I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. I then performed the same transaction using TLS 1.2, and... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 2

Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. In this article I will perform the same transaction using TLS... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 1

Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over clear-text HTTP, TLS 1.2, and TLS 1.3. In this first of three... Read more »

How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities

Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop offered with most Windows operating system platforms. This... Read more »

How Zeek can provide insights despite encrypted communications

Overview Encrypted communications are ubiquitous. While encryption provides confidentiality, it cannot prevent all means of traffic analysis. Certain protocols, such as SSH and TLS, ensure contents are not directly readable by monitoring systems.... Read more »

Examining aspects of encrypted traffic through Zeek logs

In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a middlebox), you have to abandon direct inspection of HTTP payloads... Read more »

Network security monitoring is dead, and encryption killed it.

This post is part of a multi-part series on encryption and network security monitoring. This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result. I’ve been hearing... Read more »

There’s more to Bro than great network data

Corelight recently released our 1.15 software update which includes some fantastic new features, including our first group of curated Bro Packages which we’re calling the “Core Collection.”  In this blog post, I’ll tell you a bit more about how... Read more »

How we decide what Bro capabilities to include in our Sensor

We started Corelight to bring the power of Bro network monitoring to an audience that is interested in security, stability, and long-term sustainability. Even though we created and built Bro over the last 20 years, when we developed our commercial... Read more »

Securing the Corelight Sensor

Have you ever considered how security tools can be a source of risk? They process untrusted data 24/7, have access to sensitive flows, and (like everything on the Internet) can be exploited if not patched regularly.   Read more »

Search

    Recent Posts