By Richard Bejtlich, Principal Security Strategist, Corelight
This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.
Introduction
I have been writing material for ...
Zeek
Together is faster: Zeek for vulnerabilities
“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” - John Lambert (Distinguished Engineer, Microsoft)
By Greg Bell, CEO of Corelight
I love this quote. ...
Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
By Ben Reardon, Corelight Security Researcher
Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor attempts and/or succeeds in ...
Ripple20 Zeek package open sourced
By Ben Reardon, Corelight Security Researcher
Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device ...
Zeek & Sigma: Fully compatible for cross-SIEM detections
By Alex Kirk, Corelight Global Principal for Suricata
Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that ...