zeek logs
Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example
Ben Reardon – Corelight Labs Researcher. The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software ...
Give me my stats!
By Keith J. Jones, Corelight Sr. Security Researcher. I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...
Getting Network Visibility into East-West Traffic
Getting highly granular “everywhere” visibility continues to be a significant challenge for organizations as they work to protect their networks from threats. Traditionally, companies have prioritized monitoring and securing north-south traffic (traffic ...