By Richard Bejtlich, Principal Security Strategist, Corelight In the course of my network security monitoring work at Corelight, I’ve encountered the terms detection, inference, and identification. In this post I will examine what these t ... Read more
Zeek
Profiling Whonix
By Richard Bejtlich, Principal Security Strategist, Corelight Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux ... Read more
Bring Network Security Monitoring to the Cloud with Corelight and Amazon VPC Traffic Mirroring
John Gamble, Director of Product Marketing, Corelight Corelight Sensors transform network traffic into comprehensive logs, extracted files, and custom insights via Zeek, a powerful, open-source network security monitoring framework used by ... Read more
Investigating the Effects of TLS 1.3 on Corelight Logs, Part 2
By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP ... Read more
Investigating the Effects of TLS 1.3 on Corelight Logs, Part 1
By Richard Bejtlich, Principal Security Strategist, Corelight Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over c ... Read more