• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Logo
  • About
  • Bulletins
  • Corelight.com
  • Contact us

Bright Ideas Blog

Bright Ideas Blog

Bright Ideas Blog

Richard Bejtlich

An attack or just a game? Corelight can help you tell the difference quickly

September 12, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight When we think about using Corelight data, our mental models often fixate on finding evidence of suspicious and malicious activity. This makes sense, as network security monitoring data ... Read more »

A conversation with GE’s former CIO on three keys to CIRT success

August 22, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Earlier this month during Black Hat I had the good fortune to speak with Gary Reiner, a business leader for whom I have an immense amount of respect. Gary was the chief information ... Read more »

Don’t delay – Corelight today!

August 1, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Recently I heard that a company interested in Corelight was considering delaying their evaluation because of questions about SIEM technology. They currently have two ... Read more »

What did I just see? Detection, inference, and identification

July 30, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight In the course of my network security monitoring work at Corelight, I’ve encountered the terms  detection, inference, and identification. In this post I will examine what these ... Read more »

Profiling Whonix

July 18, 2019 by Richard Bejtlich

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux ... Read more »

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Go to page 6
  • Go to Next Page »

Primary Sidebar

Search

Recent Posts

  • Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example
  • Finding SUNBURST backdoor with Zeek logs & Corelight
  • Introducing the Cloud Sensor for GCP
  • Who’s your fridge talking to at night?
  • Small, fast and easy. Pick any three.

Categories

Archives

Tags

Bro conn.log Corelight Corelight Sensor cybersecurity DNS Elastic encrypted traffic encryption files.log GitHub HTTP HTTPS incident response ja3 ja3s JSON Linux logs MITRE ATT&CK NDR network security Network Security Monitoring network traffic analysis network visibility NSM NTA open source open source community PCAP Richard Bejtlich SANS SIEM SMTP SOC Splunk SSH SSL ssl.log Suricata TCP TLS TLS 1.3 Vern Paxson Zeek

Footer

Use Cases

  • Our Use Cases
  • MITRE ATT&CK
  • Government
  • Enterprise
  • Higher Education
  • Why Corelight

Products

  • Zeek
  • Suricata
  • Collections
  • Appliance Sensors
  • Cloud Sensors
  • Software Sensor
  • Virtual Sensors
  • Fleet Manager
  • Compare to open Source Zeek

Company

  • About Corelight
  • Awards
  • Careers
  • Events
  • News Coverage
  • Media Kit

Resources

  • Support Overview
  • Open A Support Ticket
  • Product Training
  • Case Studies
  • Video
  • Github
  • Scripts + Packages
  • Zeek Community

Follow us

  • facebook
  • twitter
  • linkedin
  • github
  • reddit
  • youtube

Copyright © 2021 · Corelight, Inc. · All rights reserved. · Privacy Policy · Terms of Use