Raspberry Pi sensors for home networks

Who’s your fridge talking to at night?

By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...
Community ID support for Wireshark

Community ID support for Wireshark

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...
Give me my stats!

Give me my stats!

By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...
Mixed VLAN tags and BPF syntax

Mixed VLAN tags and BPF syntax

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Introduction I have been writing ...

Network Security Monitoring data: Types I, II, and III

By Richard Bejtlich, Principal Security Strategist, Corelight Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values ...
DNS over TLS and DNS over HTTPS

DNS over TLS and DNS over HTTPS

By Jamie Brim, Corelight Security Researcher In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext ...

Chocolate and Peanut Butter, Zeek and Suricata

By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they ...

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in ...
Detecting GnuTLS CVE-2020-13777 using Zeek

Detecting GnuTLS CVE-2020-13777 using Zeek

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...

Reduce Agency Operating Expenditures with Proven Security Automation

U.S. government agencies have long been under pressure to improve efficiency in order to better serve citizens, but this is no easy task. By nature, they’re complex bureaucracies that are often behemoth ...