Suricata

Introducing the Cloud Sensor for GCP

Introducing the Cloud Sensor for GCP

| | Announcements, aws, google, Google GCP, Google Kubernetes, IaaS, json, Kafka, Microsoft Azure, MTU, Product, SIEM, SOC, Splunk, Suricata, syslog, TAPs, TCP, Terraform, vpc, Zeek
By Vijit Nair, Sr. Director, Product Management, Corelight Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility ...
Bright Ideas Blog
Raspberry Pi sensors for home networks

Who’s your fridge talking to at night?

| | Announcements, Corelight@Home, COVID-19, Elastic, home networks, Humio, Industry, json, Kafka, Linux, NDR, network security monitoring, open source, Raspberry Pi, redis, SANS, Seth Hall, Splunk, Suricata, syslog, TCP, Zeek
By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...
Bright Ideas Blog
Small, fast and easy. Pick any three.

Small, fast and easy. Pick any three.

| | AArch64, Announcements, Corelight, encrypted traffic collection, encryption, json, Kafka, Linux, Product, Raspberry Pi, software, Splunk, ssl, Suricata, TCP, TLS, vm, Zeek, ZeekWeek
By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become ...
Bright Ideas Blog
Beating alert fatigue with integrated data

Beating alert fatigue with integrated data

| | cisco, dns, http, JA3, partnership, Phantom, Playbooks, ServiceNow, sha1, SIEM, Splunk, Suricata
By Alex Kirk, Corelight Global Principal for Suricata More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to ...
Bright Ideas Blog

Suricata or Zeek? The answer is both.

| | Blog, Bro IDS, network analysis, network metadata, signature threat detection, Suricata, threat detection, Zeek
If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily ...
Bricata

Suricata or Zeek? The answer is both.

| | Blog, Bro IDS, network analysis, network metadata, signature threat detection, Suricata, threat detection, Zeek
If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily identified by signature-based rules system and 20% come from ...
Bricata | Network Detection & Response | Visibility & Analytics | Threat Hunting

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

| | BIG-IP, cisa, Corelight Labs, CVE-2020-5902, CVE10, f5, GitHub, http, HTTPS, NCC Group, open source, rce, Remote Code Execution, Sigma, Suricata, Uncategorized, Zeek
By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
Bright Ideas Blog
Corelight Splunk App update: new dashboard and data

Corelight Splunk App update: new dashboard and data

| | Announcements, Community ID, Corelight Technical Add-on, ECS, EDR, encrypted traffic, ETC, HELK, MISP, NDR, osquery, partnership, SOC, Splunk, SSH, Suricata
By Roger Cheeks, US-East Sales Engineer, Corelight In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and ...
Bright Ideas Blog

Chocolate and Peanut Butter, Zeek and Suricata

| | Announcements, http, Network Security, network security monitoring, network traffic analysis, network visibility, pcap, SANS, SIEM, Suricata, UID, Zeek
By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they ...
Bright Ideas Blog

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

| | agent forwarding, Announcements, Authentication, Chrome, dns, DoH, encrypted traffic, encrypted traffic collection, Firefox, network security monitoring, network traffic analysis, network visibility, reverse tunnel, SSH, Suricata, Zeek
By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in ...
Bright Ideas Blog
Load more