By Richard Bejtlich, Principal Security Strategist, Corelight RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those ... Read more »
Network Security Monitoring
Corelight ECS mapping: Unified Zeek data for more efficient analytics
By Ed Smith, Senior Product Marketing Manager, Corelight In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. If you’re n ... Read more »
Day 1 detection: CVE-2020-0601, a community, and 40 lines of code
By Richard Bejtlich, Principal Security Strategist, Corelight On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI ( ... Read more »
Light in the darkness: New Corelight Encrypted Traffic Collection
By Vince Stoffer, Senior Director, Product Management, Corelight This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the C ... Read more »
New Corelight app for Splunk: Making network-based threat hunting easier
By Ed Smith, Senior Product Marketing Manager, Corelight Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Need to quickly narrow down Zeek logs from a mountain, to a hill, to a h ... Read more »