How Bro logs gave one company better DNS traffic visibility than their DNS servers

By Howard Samuels, Director of Sales Engineering at Corelight

Bro provides enriched network visibility for top organizations around the world, and there are many use cases for Bro logs. The security field uses Bro data for incident response and cyber threat hunting. But Bro log use cases don’t always have to involve finding bad actors, […]

Another cool thing about Bro: SMB analysis!

By James Schweitzer, Federal Solution Engineer at Corelight

If you’re reading this blog, you probably know that Bro can uncover indicators of compromise and discover adversary lateral movement by monitoring east-west traffic within the enterprise. But you may not know about one of the best sources of data for this purpose, the Bro server message […]

Announcing The New Corelight for Splunk App

We’re proud to announce the Corelight for Splunk app is available! Using the new app (and its associated Technology Add-on (TA)), you can now monitor the health and performance of Corelight Sensors in Splunk and explore the rich data Bro provides through a series of dashboards. The Corelight for Splunk App, associated TA, and Q&A […]

Extensibility as a Guiding Principle

By Christian Kreibich, Senior Engineer at Corelight

If you’ve ever used Bro, you’ve likely noticed that it’s rather more flexible than other network monitoring solutions. This is not coincidence — it reflects a core principle that has underpinned the evolution of the Bro platform since its beginnings two decades ago. This principle has afforded users […]

Finding Very Damaging Needles in Very Large Haystacks

By Vern Paxson, Chief Scientist at Corelight

Some of the most costly security compromises that enterprises suffer manifest as tiny trickles of behavior hidden within an ocean of other site activity. Finding such incidents, and unraveling their full scope once detected, requires far-ranging network visibility, such as provided by Corelight Sensors, or, more broadly, the […]

Another cool thing about Bro: tracking files!

By Vincent Stoffer, Director of Customer Solutions at Corelight

You probably know that Bro generates real-time data about network flows, highly valued by threat hunters & incident responders around the world. But Bro can do a lot more, and in this blog series, we’ll highlight lesser-known features from time to time. Today: tracking files! First […]

Securing the Corelight Sensor

By Steve Smoot, VP Customer Success @ Corelight

Have you ever considered how security tools can be a source of risk? They process untrusted data 24/7, have access to sensitive flows, and (like everything on the Internet) can be exploited if not patched regularly. At Corelight, we want our products to be a source […]

What’s the riskiest part of your Bro deployment? It may be you.

What’s the riskiest part of your Bro deployment? Don’t overlook the obvious: the answer may be you. Corelight helps mitigate that risk by providing enterprise-grade solutions built on Bro. This post describes one example of how that can help you reduce your risk when deploying Bro.