By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize ... Read more »
network security
Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for ... Read more »
Zeek & Sigma: Fully compatible for cross-SIEM detections
By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that ... Read more »
Chocolate and peanut butter, Zeek and Suricata
By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations - ... Read more »
Detecting GnuTLS CVE-2020-13777 using Zeek
By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which ... Read more »