Sigma
Translating query into action
By Vince Stoffer, Senior Director, Product Management, Corelight One of the most important aspects of threat hunting is having a place to start. A question, a theory, or a hunch often begins ...
Detecting Zerologon (CVE-2020-1472) with Zeek
By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
Together is faster: Zeek for vulnerabilities
“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft) By Greg Bell, CEO of ...
Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
Zeek & Sigma: Fully Compatible for Cross-SIEM Detections
By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, ...
