• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Logo
  • About
  • Bulletins
  • Corelight.com
  • Contact us

Bright Ideas Blog

Bright Ideas Blog

Bright Ideas Blog

Network Security Monitoring

Mixed VLAN tags and BPF syntax

August 27, 2020 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Introduction I have been writing material for ... Read more »

Network Security Monitoring data: Types I, II, and III

July 8, 2020 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and ... Read more »

DNS over TLS and DNS over HTTPS

June 18, 2020 by Jamie Brim

By Jamie Brim, Corelight Security Researcher In this post, we'll explore DNS over TLS (DoT) and DNS over HTTPS (DoH).  DoT and DoH were invented to address privacy concerns associated with cleartext DNS requests. By encrypting the DNS ... Read more »

Chocolate and peanut butter, Zeek and Suricata

June 16, 2020 by Brian Dye

By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations - ... Read more »

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

June 16, 2020 by Vince Stoffer

By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a ... Read more »

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Interim pages omitted …
  • Go to page 10
  • Go to Next Page »

Primary Sidebar

Search

Recent Posts

  • Extending NDR visibility in AWS IaaS
  • Maximize your Splunk ES investment with Corelight
  • Exchange exploitation and architecting for visibility
  • Translating query into action
  • Getting the most out of your NIDS

Categories

Archives

Tags

Bro conn.log Corelight Corelight Sensor cybersecurity DNS Elastic encrypted traffic encryption files.log GitHub HTTP HTTPS IDS incident response ja3 ja3s JSON logs MITRE ATT&CK NDR network security Network Security Monitoring network traffic analysis network visibility NSM NTA open source open source community PCAP Richard Bejtlich SANS SIEM Sigma SOC Splunk SSH SSL ssl.log Suricata TCP TLS TLS 1.3 Vern Paxson Zeek

Footer

Use Cases

  • Our Use Cases
  • MITRE ATT&CK
  • Government
  • Enterprise
  • Higher Education
  • Why Corelight

Products

  • Zeek
  • Suricata
  • Collections
  • Appliance Sensors
  • Cloud Sensors
  • Software Sensor
  • Virtual Sensors
  • Fleet Manager
  • Compare to open Source Zeek

Company

  • About Corelight
  • Awards
  • Careers
  • Events
  • News Coverage
  • Media Kit

Resources

  • Support Overview
  • Open A Support Ticket
  • Product Training
  • Case Studies
  • Video
  • Github
  • Scripts + Packages
  • Zeek Community

Follow us

  • facebook
  • twitter
  • linkedin
  • github
  • reddit
  • youtube

Copyright © 2021 · Corelight, Inc. · All rights reserved. · Privacy Policy · Terms of Use