Corelight Labs

Insights

Core Collections

Collections of scripts and plug-ins created for Corelight Sensors that detect malicious behaviors and expand on Zeek data.

C2 Collection - Detection for over 50 types of command and control activity
Encrypted Traffic Collection - Unique insights to investigate encrypted traffic present on most networks
Core Collection - Expanded insights for monitoring high-throughput sites for port scanning, cryptomining, and more

Zeek open source packages

JPEG File Analyzer - Logs additional information about JPEG images
ELF File Analyzer - Logs additional information about ELF-based executable files
RedXOR C2 Detector - Detects RedXOR malware by looking for its command and control network traffic
ZeroLogin Detector - Detects network traffic specific to the ZeroLogin vulnerabilities

Query a full list of all Zeek packages:

https://packages.zeek.org/packages?q=corelight

Zeek open source enhancements

ECS Mappings for Zeek
ECS Dashboards
Ansible Roles for supporting Corelight sensors
Spicy Protocol Parsers

Documentation and guides

Cheatsheets
Zeek documentation

To learn more about Corelight Labs, contact our team.