Introducing the Cloud Sensor for GCP

Introducing the Cloud Sensor for GCP

By Vijit Nair, Sr. Director, Product Management, Corelight Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility ...
Raspberry Pi sensors for home networks

Who’s your fridge talking to at night?

By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...
Small, fast and easy. Pick any three.

Small, fast and easy. Pick any three.

By Seth Hall, Co-Founder & Chief Evangelist, Corelight Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become ...
Community detection: CVE-2020-16898

Community detection: CVE-2020-16898

By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to ...
Community ID support for Wireshark

Community ID support for Wireshark

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...
Give me my stats!

Give me my stats!

By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a ...

Detecting Zerologon (CVE-2020-1472) with Zeek

By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
Meet the Corelight CTF tournament winners

Meet the Corelight CTF tournament winners

By John Gamble, Director of Product Marketing, Corelight This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic ...

Suricata or Zeek? The answer is both.

If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily identified by signature-based rules system and 20% come from ...

Suricata or Zeek? The answer is both.

If you apply Pereto’s Principal (the 80/20 rule) to network security, about 80% of incidents are caused by known threats that are easily ...