• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Logo
  • About
  • Bulletins
  • Corelight.com
  • Contact us

Bright Ideas Blog

Bright Ideas Blog

Bright Ideas Blog

NSM

Investigating the effects of TLS 1.3 on Corelight logs, part 3

June 7, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Welcome to part 3 of my three-part series on TLS. In the previous two articles I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text ... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 2

June 3, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP ... Read more »

Investigating the effects of TLS 1.3 on Corelight logs, part 1

May 29, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over ... Read more »

Network Security Monitoring, a requirement for Managed Service Providers?

May 21, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some ... Read more »

Is IPS a feature or a product?

April 2, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the ... Read more »

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to Next Page »

Primary Sidebar

Search

Recent Posts

  • Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example
  • Finding SUNBURST backdoor with Zeek logs & Corelight
  • Introducing the Cloud Sensor for GCP
  • Who’s your fridge talking to at night?
  • Small, fast and easy. Pick any three.

Categories

Archives

Tags

Bro conn.log Corelight Corelight Sensor cybersecurity DNS Elastic encrypted traffic encryption files.log GitHub HTTP HTTPS incident response ja3 ja3s JSON Linux logs MITRE ATT&CK NDR network security Network Security Monitoring network traffic analysis network visibility NSM NTA open source open source community PCAP Richard Bejtlich SANS SIEM SMTP SOC Splunk SSH SSL ssl.log Suricata TCP TLS TLS 1.3 Vern Paxson Zeek

Footer

Use Cases

  • Our Use Cases
  • MITRE ATT&CK
  • Government
  • Enterprise
  • Higher Education
  • Why Corelight

Products

  • Zeek
  • Suricata
  • Collections
  • Appliance Sensors
  • Cloud Sensors
  • Software Sensor
  • Virtual Sensors
  • Fleet Manager
  • Compare to open Source Zeek

Company

  • About Corelight
  • Awards
  • Careers
  • Events
  • News Coverage
  • Media Kit

Resources

  • Support Overview
  • Open A Support Ticket
  • Product Training
  • Case Studies
  • Video
  • Github
  • Scripts + Packages
  • Zeek Community

Follow us

  • facebook
  • twitter
  • linkedin
  • github
  • reddit
  • youtube

Copyright © 2021 · Corelight, Inc. · All rights reserved. · Privacy Policy · Terms of Use