HTTPS connections on port 443 received forged  replies. Chinese web users couldn’t access websites outside the People’s Republic yesterday. The outage lasted an hour and a quarter—with no explanation. Nobody’s sure whether it ...

Xi Whiz: HTTPS connections on port 443 received forged replies ...

Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in ...

There's more to a primitive under the surface, and once we discover what it's actually doing, it opens up a whole new way for us to inspect and filter packets. Lets use the ...

By Vijit Nair, Sr. Director, Product Management, Corelight Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility ...

By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...

By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become ...

By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to ...

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Introduction I have been writing ...