Name: Corelight, Inc.
Type: Organization
Bio: Corelight is the most powerful network visibility solution for information security professionals, founded by the creators of open-source Zeek.
Location: San Francisco, CA
Blog: http://www.corelight.com
Corelight, Inc.'s Projects
A Go library for using zeek broker's websocket API
A Zeek package that detects Zoom logins and meeting joins
Pure Go implementation of XML Digital Signatures
Add more filenames to files.log from HTTP requests
Detect HTTP stalling attacks like slowloris with Bro
Zeek script that uses the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether or not it is trusted. The source of the ICANN TLDs can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user, to filter domains during searches.
Bro script package to create JSON-formatted logs to stream into data analysis systems.
Line-based TCP load-balancing proxy.
Add POST body excerpt to Bro's HTTP log
Add VLAN tags to all Zeek logs
A Zeek package to log running package stats.
A package manager for Zeek
A Zeek package to detect the Pingback malware ICMP tunnel command and control (C2) network traffic.
Plot packet and data rates over time given a PCAP file, with gnuplot.
A Python implementation of the Community ID flow hashing standard
Corelight@Home script
Detection of Linux Malware C2 RedXOR - demonstration
A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.
Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)
Softsensor Docker prototype
A Prometheus Exporter for Suricata
Top DNS Measurement for Bro
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Zeek Log Cheatsheets