By Keith J. Jones, Corelight Sr. Security Researcher I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a continually running environment with real, and often ... Read more »
Network Security Monitoring
Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for ... Read more »
Network Security Monitoring data: Types I, II, and III
By Richard Bejtlich, Principal Security Strategist, Corelight Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and ... Read more »
DNS over TLS and DNS over HTTPS
By Jamie Brim, Corelight Security Researcher In this post, we'll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext DNS requests. By encrypting the DNS ... Read more »
Chocolate and peanut butter, Zeek and Suricata
By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations - ... Read more »