Zeek

comparing apple to orange

Comparison of tools that extract files from PCAP

| | Chaosreader, extract, Files, FTP, http, http2, IEC-104, IMAP, LPD, LPR, NetworkMiner, NFS, njrat, pcap, POP3, smb, SMB2, smtp, Suricata, tcpflow, TFTP, Wireshark, Zeek
One of the premier features in NetworkMiner is the ability to extract files from captured network traffic in PCAP files. NetworkMiner reassembles the file contents by parsing protocols that are used to ...
NETRESEC Network Security Blog
PCAP over IP

What is PCAP over IP?

| | Arkime, ncat, netcat, NetworkMiner, Packetbeat, pcap, PCAP-over-IP, PolarProxy, Suricata, tcpdump, tcpreplay, tshark, Wireshark, Zeek
PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...
NETRESEC Network Security Blog

Smart PCAP and threat detection in the cloud

| | network detection response, Network Security, network security monitoring, network traffic analysis, pcap, Product, SIEM, Smart PCAP, SOC, SUNBURST, Suricata, Zeek
I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR ...
Bright Ideas Blog
Telegram Zeek, you’re my main notice

Telegram Zeek, you’re my main notice

| | Corelight Labs, Corelight@Home, NetControl, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Notice Framework, TCP, Telegram, Zeek
Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in ...
Bright Ideas Blog
PrintNightmare, SMB3 encryption, and your network

PrintNightmare, SMB3 encryption, and your network

| | Corelight Labs, CVE-2021-1675, CVE-2021-34527, DCE/RPC, dll, encryption, NDR, network detection response, Network Security, PrintNightmare, SMB3, Zeek
By Yacin Nadji and Ben Reardon, Corelight Security Researchers CVE-2021-1675, also tracked in CVE-2021-34527, is a remote code execution vulnerability that targets the Windows Print Spooler service. In a nutshell, there is ...
Bright Ideas Blog
Finding SolarWinds / SUNBURST backdoors with Zeek, Suricata, & Corelight

Detecting CVE-2021-31166 – HTTP vulnerability

| | Accept-Encoding, Corelight Labs, CVE-202131166, GitHub, http, http.log, HTTP.sys, Network Security, network security monitoring, network traffic analysis, network visibility, SOAP, SolarWinds, SUNBURST, WinRM, Zeek
By Ben Reardon, Corelight Security Researcher In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability. We’ve open-sourced ...
Bright Ideas Blog

What the Cyber EO means for federal agencies

| | Chris Inglis, Cybersecurity, Defense Federal Acquisition Regulation, executive order, Federal, Federal Acquisition Regulation, Industry, Jean Schaffer, Mandiant, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, nsa, President Biden, Snowden, SUNBURST, Zeek, zero trust
By Jean Schaffer, Federal CTO, Corelight For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity,” (EO) held no surprises ...
Bright Ideas Blog

World’s first 100G Zeek sensor

| | 100G, Announcements, AP 5000, Command And Control, Fleet Manager, intrusion detection, Lawrence Berkeley Labs, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, open source, Open Source Community, Product, RDP, SIEM, Suricata, Zeek
By Sarah Banks, Senior Director of Product Management, Corelight As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was ...
Bright Ideas Blog
Introducing RDP Inferences

Introducing RDP Inferences

| | Alert AA21-131A, Announcements, APT39, APT40, Corelight Labs, Crowbar, DarkSide ransomware, Duo, Emotet, encrypted traffic, encrypted traffic collection, JA3, Matrix ransomware, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Palo Alto Networks, RDP, RDPBCGR, Richard Bejtlich, rsa, RSAConference, Vern Paxson, Zeek, Zscaler
By Anthony Kasza, Technical Director, Corelight Corelight recently released a new package, focused on RDP inferences, as part of our Encrypted Traffic Collection. This package runs on Corelight Sensors and provides network ...
Bright Ideas Blog

Introducing the C2 Collection and RDP inferences

| | Announcements, Command And Control, encrypted traffic collection, encryption, Malware, MITRE ATT&CK, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Product, RDP, rsa, RSAConference, Zeek
By Vince Stoffer, Senior Director, Product Management, Corelight We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software ...
Bright Ideas Blog
Load more