Understanding exactly why Zeek is so much more powerful than what you're using now can be complex. This white paper illustrates five examples that show specifically how and why Corelight lets you resolve issues that can't be resolved using traditional methods like NetFlow and PCAP.
Like NetFlow, on steroids: the master connection record carries a UID, so you can pivot effortlessly across all protocol activity associated with a given connection.
You wish your DNS server records gave you this much detail. The full five tuple and DNS query? They’re included in Corelight’s DNS log, along with many more useful DNS fields for security operations.
Think encrypted traffic yields no secrets? False. Corelight’s encrypted traffic parsing capabilities allow you to fingerprint SSL connections for blacklisting and whitelisting, discover self-signed and expired certificates, and much more.
Every file that crosses the network gets its own log. File type doesn’t match the MIME type? You’ll see that in this log. Hashes for malware lookups? They’re included too. Corelight can also reassemble and extract all files that cross the network for additional downstream analysis.
See every unique piece of software used by a client or server on your network. Track BYO software use and outdated software versions to assist your vulnerability management program.
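The UID pivot, the file-type mismatch check and the self-signed certificate check described above, as an added example that is not Corelight's or Zeek's own code. It parses Zeek's tab-separated log layout (the `#fields` header line names the columns) over a handful of constructed conn, dns, files and ssl records, groups every record under its connection UID, and then reports files whose observed MIME type does not match their extension and SSL sessions that Zeek marked as self-signed. The sample log lines, the extension-to-MIME table and the hash placeholder are all constructed for this example; the field names are those of the standard Zeek logs.

```python
"""Pivot across Zeek logs by connection UID and flag suspicious records.

Added example, not Corelight/Zeek code. Sample logs below are constructed
in Zeek's TSV layout with a '#fields' header; field names follow the
standard Zeek conn, dns, files and ssl logs.
"""
from collections import defaultdict

# Constructed sample logs (tab-separated, trimmed to a few fields each).
CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1700000000.1\tCAbc1\t10.0.0.5\t51234\t192.0.2.10\t53\tudp\tdns
1700000001.2\tCAbc2\t10.0.0.5\t51300\t192.0.2.20\t80\ttcp\thttp
1700000002.3\tCAbc3\t10.0.0.7\t51400\t192.0.2.30\t443\ttcp\tssl
"""

DNS_LOG = """#fields\tts\tuid\tquery\tqtype_name\trcode_name
1700000000.1\tCAbc1\tupdates.example.net\tA\tNOERROR
"""

# sha256 values are placeholders, not real file hashes.
FILES_LOG = """#fields\tts\tfuid\tconn_uids\tsource\tmime_type\tfilename\tsha256
1700000001.5\tFx01\tCAbc2\tHTTP\tapplication/x-dosexec\tinvoice.pdf\t<sha256-placeholder>
1700000001.9\tFx02\tCAbc2\tHTTP\timage/png\tlogo.png\t<sha256-placeholder>
"""

SSL_LOG = """#fields\tts\tuid\tserver_name\tvalidation_status
1700000002.4\tCAbc3\tintranet.example.org\tself signed certificate
"""


def parse_zeek_tsv(text):
    """Parse Zeek TSV log text into a list of dicts keyed by the #fields names."""
    fields = None
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):  # other header/footer lines (#separator, #close, ...)
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


# Extension -> expected MIME type. Constructed table; extend for your environment.
EXPECTED_MIME = {"pdf": "application/pdf", "png": "image/png", "exe": "application/x-dosexec"}


def mime_mismatch(file_row):
    """True when the file extension promises one type but Zeek sniffed another."""
    ext = file_row["filename"].rsplit(".", 1)[-1].lower()
    expected = EXPECTED_MIME.get(ext)
    return expected is not None and expected != file_row["mime_type"]


def build_index(conn, dns, files, ssl):
    """Group every protocol record under the connection UID it belongs to."""
    by_uid = defaultdict(lambda: {"conn": None, "dns": [], "files": [], "ssl": []})
    for r in conn:
        by_uid[r["uid"]]["conn"] = r
    for r in dns:
        by_uid[r["uid"]]["dns"].append(r)
    for r in files:
        for uid in r["conn_uids"].split(","):  # files.log may list several conn UIDs
            by_uid[uid]["files"].append(r)
    for r in ssl:
        by_uid[r["uid"]]["ssl"].append(r)
    return by_uid


def pivot(by_uid, uid):
    """Return everything seen on one connection, or None if the UID is unknown."""
    return by_uid.get(uid)


def findings(by_uid):
    """Return (uid, kind, detail) tuples for records worth an analyst's attention."""
    out = []
    for uid, rec in by_uid.items():
        c = rec["conn"]
        where = f"{c['id.orig_h']}->{c['id.resp_h']}:{c['id.resp_p']}" if c else "?"
        for f in rec["files"]:
            if mime_mismatch(f):
                out.append((uid, "mime_mismatch", f"{f['filename']} is {f['mime_type']} ({where})"))
        for s in rec["ssl"]:
            if s["validation_status"] == "self signed certificate":
                out.append((uid, "self_signed_cert", f"{s['server_name']} ({where})"))
    return out


def analyze():
    """Parse the sample logs, index them by UID and return the index plus findings."""
    by_uid = build_index(parse_zeek_tsv(CONN_LOG), parse_zeek_tsv(DNS_LOG),
                         parse_zeek_tsv(FILES_LOG), parse_zeek_tsv(SSL_LOG))
    return by_uid, findings(by_uid)


if __name__ == "__main__":
    index, hits = analyze()
    for uid, kind, detail in hits:
        print(uid, kind, detail)
```

Pointing `parse_zeek_tsv` at real log files instead of the embedded strings is enough to run the same pivot over a day of traffic; the `sha256` column is what you would feed to a malware hash lookup.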