Zeek

Introducing the Cloud Sensor for GCP

Introducing the Cloud Sensor for GCP

| | Announcements, aws, google, Google GCP, Google Kubernetes, IaaS, json, Kafka, Microsoft Azure, MTU, Product, SIEM, SOC, Splunk, Suricata, syslog, TAPs, TCP, Terraform, vpc, Zeek
By Vijit Nair, Sr. Director, Product Management, Corelight Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility ...
Bright Ideas Blog
Raspberry Pi sensors for home networks

Who’s your fridge talking to at night?

| | Announcements, Corelight@Home, COVID-19, Elastic, home networks, Humio, Industry, json, Kafka, Linux, NDR, network security monitoring, open source, Raspberry Pi, redis, SANS, Seth Hall, Splunk, Suricata, syslog, TCP, Zeek
By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...
Bright Ideas Blog
Small, fast and easy. Pick any three.

Small, fast and easy. Pick any three.

| | AArch64, Announcements, Corelight, encrypted traffic collection, encryption, json, Kafka, Linux, Product, Raspberry Pi, software, Splunk, ssl, Suricata, TCP, TLS, vm, Zeek, ZeekWeek
By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become ...
Bright Ideas Blog
Community detection: CVE-2020-16898

Community detection: CVE-2020-16898

| | Bad Neighbor, Corelight Labs, CVE-2020-16898, DoS, ESNET, GitHub, ICMP, IPv6, mcafee, Microsoft, pcap, PoC, REC, Remote Code Execution, RFC4443, RFC8106, TCP, Windows, Zeek, ZeekWeek
By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to ...
Bright Ideas Blog
Community ID support for Wireshark

Community ID support for Wireshark

| | Community ID, json, NDR, network detection response, Network Security, network security monitoring, pcap, Product, python, TCP, tshark, Wireshark, Zeek
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...
Bright Ideas Blog
Give me my stats!

Give me my stats!

| | Corelight Labs, MyStatsInfo, network detection response, network security monitoring, network traffic analysis, network visibility, scripts, Zeek, zeek logs
By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...
Bright Ideas Blog

Detecting Zerologon (CVE-2020-1472) with Zeek

| | ciphertext, Corelight Labs, CVE-2020-1472, CVSS10, LateralMovement, Microsoft, Netlogon, Open Source Community, python, Secura, Sigma, Splunk, vulnerability, Windows Server, Zeek, ZeroLogon
By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
Bright Ideas Blog
Meet the Corelight CTF tournament winners

Meet the Corelight CTF tournament winners

| | Announcements, Capture the Flag, Cobalt Strike C2, ctf, dns, Elastic, JA3, Open Source Community, pcap, Splunk, ssl.log, Zeek
By John Gamble, Director of Product Marketing, Corelight This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic ...
Bright Ideas Blog

Suricata or Zeek? The answer is both.

| | Blog, Bro IDS, network analysis, network metadata, signature threat detection, Suricata, threat detection, Zeek
If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily identified by signature-based rules system and 20% come from ...
Bricata | Network Detection & Response | Visibility & Analytics | Threat Hunting

Suricata or Zeek? The answer is both.

| | Blog, Bro IDS, network analysis, network metadata, signature threat detection, Suricata, threat detection, Zeek
If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily ...
Bricata
Load more