Smart PCAP and threat detection in the cloud
John Gamble | | network detection response, Network Security, network security monitoring, network traffic analysis, pcap, Product, SIEM, Smart PCAP, SOC, SUNBURST, Suricata, Zeek
I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR ...
Telegram Zeek, you’re my main notice
Yacin Nadji | | Corelight Labs, NetControl, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Notice Framework, TCP, Telegram, Zeek
Notices in Zeek. Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in ...
What’s next for the National Cyber Director?
Jean Schaffer | | Chris Inglis, cisa, Cybersecurity, Federal, Industry, Kaseya, National Cyber Director, National Cyber Strategy, network detection response, Network Security, network security monitoring, Ransomware, rEvil
By Jean Schaffer, Federal CTO, Corelight. As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to ...
PrintNightmare, SMB3 encryption, and your network
Corelight Labs Team | | Corelight Labs, CVE-2021-1675, CVE-2021-34527, DCE/RPC, dll, encryption, NDR, network detection response, Network Security, PrintNightmare, SMB3, Zeek
By Yacin Nadji and Ben Reardon, Corelight Security Researchers. CVE-2021-1675, also tracked in CVE-2021-34527, is a remote code execution vulnerability that targets the Windows Print Spooler service. In a nutshell, there is ...
Corelight Sensors detect the ChaChi RAT
Corelight Labs Team | | blackberry, C2, ChaChi, Command And Control, Corelight Labs, dns, pcap, rat, remote-access Trojan, SERVFAIL, Vern Paxson, Wireshark
By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson, Corelight Labs Team. Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting ...
Detecting CVE-2021-31166 – HTTP vulnerability
Ben Reardon | | Accept-Encoding, Corelight Labs, CVE-2021-31166, GitHub, http, http.log, HTTP.sys, Network Security, network security monitoring, network traffic analysis, network visibility, SOAP, SolarWinds, SUNBURST, WinRM, Zeek
By Ben Reardon, Corelight Security Researcher. In this blog we aim to provide a little insight into part of the lifecycle of Corelight Labs’ response to a critical HTTP vulnerability. We’ve open-sourced ...
What the Cyber EO means for federal agencies
Jean Schaffer | | Chris Inglis, Cybersecurity, Defense Federal Acquisition Regulation, executive order, Federal, Federal Acquisition Regulation, Industry, Jean Schaffer, Mandiant, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, nsa, President Biden, Snowden, SUNBURST, Zeek, zero trust
By Jean Schaffer, Federal CTO, Corelight. For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity” (EO) held no surprises ...
World’s first 100G Zeek sensor
Sarah Banks | | 100G, Announcements, AP 5000, Command And Control, Fleet Manager, intrusion detection, Lawrence Berkeley Labs, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, open source, Open Source Community, Product, RDP, SIEM, Suricata, Zeek
By Sarah Banks, Senior Director of Product Management, Corelight. As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was ...
Introducing RDP Inferences
Anthony Kasza | | Alert AA21-131A, Announcements, APT39, APT40, Corelight Labs, Crowbar, DarkSide ransomware, Duo, Emotet, encrypted traffic, encrypted traffic collection, JA3, Matrix ransomware, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Palo Alto Networks, RDP, RDPBCGR, Richard Bejtlich, rsa, RSAConference, Vern Paxson, Zeek, Zscaler
By Anthony Kasza, Technical Director, Corelight. Corelight recently released a new package, focused on RDP inferences, as part of our Encrypted Traffic Collection. This package runs on Corelight Sensors and provides network ...
Introducing the C2 Collection and RDP inferences
Vince Stoffer | | Announcements, Command And Control, encrypted traffic collection, encryption, Malware, MITRE ATT&CK, network detection response, Network Security, network security monitoring, network traffic analysis, network visibility, Product, RDP, rsa, RSAConference, Zeek
By Vince Stoffer, Senior Director, Product Management, Corelight. We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software ...