Bright Ideas Blog


Who’s your fridge talking to at night?

November 19, 2020 by Gary Fisk

By Gary Fisk, Sales Engineer, Corelight

I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how it came to be.

2020 has upended virtually every aspect of our lives, and has presented many challenges and opportunities for growth and innovation. Hidden in the disruption of our lives this year is a network visibility problem. Offices, schools, theaters, and stores closed down due to COVID-19, requiring home networks to receive “battlefield promotions,” becoming mission-critical resources for work, school, and health. Home networks have become more important, but not better instrumented, better administered, or better secured. As newly minted remote workers, we started noodling on how to bring the power of Corelight’s visibility to shine a light into our home networks.

Long before the pandemic, Seth Hall (Corelight Co-founder, Chief Evangelist, and “Head of Potential Dead Ends”) had been working on a lightweight binary to run Corelight’s network security monitoring on any 64-bit Linux distribution without the complexity of open source deployments. Open source is nimble and flexible, and traditional Corelight Sensors are easy and scalable, so Seth wanted to provide the best of both worlds. Enter Corelight’s new Software Sensor – a lightweight binary designed to run in any environment and bring the visibility of Corelight to network locations previously difficult or impossible to monitor.

The Corelight Software Sensor is an enterprise product, designed to be deployed within corporate or government networks alongside our other Corelight Sensors (available in appliance, VM or cloud form factors). Since the Software Sensor is so versatile, we realized that installing it on Raspberry Pis would be an easy and cost-effective way to instrument home networks so that users could get more familiar with the technology during this weird time, and a new project was born.

Introducing Corelight@Home

Corelight is excited to announce the Corelight@Home program, bringing Corelight’s enterprise-class Network Detection and Response to home networks. While it is not a commercially available or officially supported product, it has all the same capabilities you’ll find in our Corelight Sensors. It combines all the goodness of open source Zeek and Suricata plus most of the value-added features of Corelight Sensors, FREE for home use. Put it all together on cheap, dependable hardware, and you can shine a light on suddenly vital home networks.

By participating in the Corelight@Home program, you can become familiar with the power of Corelight Sensors and, while you’re at it, gain a new appreciation (or trepidation) for the kinds of devices communicating over your home network. Then, using the power of Zeek and Suricata, you can figure out what they’re up to.

The Corelight@Home sensor includes software upgrades and patching, streaming log exports, high-speed file extraction, and Corelight custom content, including encrypted traffic insights and custom Zeek scripts. Do you want to know who your refrigerator or car is talking to in the middle of the night? What kind of encryption do your devices use? How many devices ARE there on your network? Who’s reaching out to whom, and what services are in use? Corelight@Home provides the data to answer these questions.

How it works

The software sensor ‘sniffs’ a monitoring interface and exports JSON-formatted Zeek logs (and optionally, Suricata logs and/or extracted files) locally or to the repository of your choosing. We support streaming exports to Splunk HEC, Kafka, JSON over TCP, syslog, and Redis, as well as batch export via SFTP or local log storage, but we do not provide a data repository. The logs are in standard Zeek format for ingest into most data lakes, and we partner with Humio, Splunk, Elastic, and others to facilitate integrations. Community support is offered via a Corelight@Home Slack channel.
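An added example (not Corelight's code) of answering the post's questions from the exported data: it reads JSON conn.log records and lists, per device, the peers and services contacted during a night window. The sample records, the 00:00 to 06:00 UTC window and the function names are assumptions constructed for illustration; the field names are Zeek's standard conn.log fields.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: Zeek conn.log records as JSON, one per line (not real traffic).
SAMPLE_CONN_LOG = """\
{"ts":1605755565.12,"uid":"C1","id.orig_h":"192.168.1.50","id.orig_p":49152,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":1200,"resp_bytes":5300}
{"ts":1605755601.40,"uid":"C2","id.orig_h":"192.168.1.50","id.orig_p":49153,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":800,"resp_bytes":2100}
{"ts":1605757000.00,"uid":"C3","id.orig_h":"192.168.1.50","id.orig_p":40000,"id.resp_h":"192.168.1.1","id.resp_p":53,"proto":"udp","service":"dns","orig_bytes":60,"resp_bytes":120}
{"ts":"2020-11-19T04:15:00.000000Z","uid":"C4","id.orig_h":"192.168.1.77","id.orig_p":51000,"id.resp_h":"198.51.100.7","id.resp_p":8883,"proto":"tcp"}
{"ts":1605794400.00,"uid":"C5","id.orig_h":"192.168.1.50","id.orig_p":49200,"id.resp_h":"203.0.113.99","id.resp_p":80,"proto":"tcp","service":"http","orig_bytes":300,"resp_bytes":900}
this line is truncated {"ts":
"""

def _hour(ts, tz):
    # Zeek JSON timestamps are epoch seconds by default, ISO 8601 strings if so configured.
    if isinstance(ts, str):
        dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    else:
        dt = datetime.fromtimestamp(float(ts), tz=timezone.utc)
    return dt.astimezone(tz).hour

def night_talkers(lines, start=0, end=6, tz=timezone.utc):
    """Return ({orig_h: {(resp_h, resp_p, proto, service): [conns, bytes]}}, skipped)."""
    talkers = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    skipped = 0
    for line in filter(str.strip, lines):
        try:
            rec = json.loads(line)
            hour = _hour(rec["ts"], tz)
            src = rec["id.orig_h"]
            # Zeek omits unset fields in JSON, so service and byte counts may be absent.
            peer = (rec["id.resp_h"], rec["id.resp_p"], rec["proto"], rec.get("service", "-"))
            nbytes = rec.get("orig_bytes", 0) + rec.get("resp_bytes", 0)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or incomplete record: count it, do not crash
            continue
        # A window such as 22 to 6 wraps past midnight.
        inside = start <= hour < end if start < end else (hour >= start or hour < end)
        if inside:
            stats = talkers[src][peer]
            stats[0] += 1
            stats[1] += nbytes
    return {host: dict(peers) for host, peers in talkers.items()}, skipped

if __name__ == "__main__":
    found, bad = night_talkers(SAMPLE_CONN_LOG.splitlines())
    for host, peers in found.items():
        for (ip, port, proto, svc), (conns, total) in peers.items():
            print(f"{host} -> {ip}:{port}/{proto} {svc} conns={conns} bytes={total}")
```

Pass a `tz` for your local zone (for example from `zoneinfo`) so the window reflects your own night rather than UTC.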

How to get started

As a part of this program, we’ve built a configuration script and documentation for easy deployment on Raspberry Pi. Once you have your Raspberry Pi and a way to mirror packets, you can register for the Corelight@Home program here, download the software, and run the raspi-corelight script:

Check out our recent SANS webinar for more info and examples of what others have found using the program. To be honest, we’re not sure what we’re going to find on home networks, but I hope you’ll join Corelight@Home, and that you’ll share your experiences. Sign up, install your sensor, browse your data and start down the rabbit hole of finding your first “What the heck is that??”

Visit the Corelight@Home page for more information and to sign up.

Filed Under: Announcements, Industry Tagged With: Corelight@Home, covid-19, Elastic, home networks, Humio, JSON, Kafka, Linux, NDR, Network Security Monitoring, open source, Raspberry Pi, Redis, SANS, Seth Hall, Splunk, Suricata, syslog, TCP, Zeek
