By Richard Bejtlich, Principal Security Strategist, Corelight
In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a ...
conn.log
Network security monitoring is dead, and encryption killed it.
By Richard Bejtlich, Principal Security Strategist, Corelight
This post is part of a multi-part series on encryption and network security monitoring. This post covers a brief history of encryption on the web and investigates the security analysis ...
The last BroCon. It’ll be Zeek in 2019!
By Robin Sommer, CTO at Corelight and member of the Zeek Leadership Team
I’m back in San Francisco after the last ever BroCon! Why the last BroCon? Because the Bro Leadership Team has announced a new name for the project. After two years of ...
Log enrichment with DNS host names
By Christian Kreibich, Senior Engineer, Corelight
One of the first tasks for any incident responder when looking at network logs is to figure out the host names that were associated with an IP address in prior network activity. With Corelight’s 1.15 ...
Databricks + Corelight – A powerful combination for cybersecurity, incident response and threat hunting
By Alan Saldich, CMO, Corelight and Brian Dirking, Sr. Director Partner Marketing, Databricks
Incident response, threat hunting and cybersecurity in general rely on great data. Just like the rest of the world where virtually everything these days ...