network visibility
The Critical Role of Network Detection and Response in Improving Enterprise Security [Q&A with Vito Rallo of PwC]
Vito Rallo is Director of Cyber Incident and Threat Management at PwC. He and his team provide offensive security and incident and threat management services to medium and large enterprises. Prior to ...
Now You Know – Q&A about Bricata with CEO John Trauth
Bricata CEO John Trauth discusses how Bricata is helping the world’s largest organizations secure their networks by delivering the most complete network detection and response (NDR) capabilities available. 1) What was your ...
Give me my stats!
By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...
Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing ...
Zeek & Sigma: Fully Compatible for Cross-SIEM Detections
By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, ...
Chocolate and Peanut Butter, Zeek and Suricata
By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they ...
The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection
By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in ...
Detecting GnuTLS CVE-2020-13777 using Zeek
By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...
Watch over DNS traffic with Corelight & Splunk
By Roger Cheeks, Solutions Engineer, Corelight Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article ...
The High Ground
By Charles Strauss, Senior Brand Copywriter, Corelight Introducing Corelight’s new story + the value of NTA From the Greek Acropolis to the Space Race, defenders have sought the high ground. Up there, ...
