A network engineer in a Zeek Week world
I’m seven months into a new job here at Corelight as a product manager, and I’m still as excited about Zeek as I was last month about Zeek Week....
This true story illustrates how Corelight could have assisted with the realization that activity is not suspicious or malicious, but is in fact...
While I have used log collection and SIEM platforms to review Zeek transaction logs, it is not necessary to wait for a SIEM before collecting...
Discover what the terms detection, inference, and identification mean, and how they can help you when investigating activity in your environment.
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
Announcing the Corelight Cloud Sensor, deployable in AWS and capable of ingesting traffic directly from the new Amazon VPC traffic mirroring feature.
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.
In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.
CVE-2019-0708 is a serious vulnerability awaiting exploitation. Learn how to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities.