Corelight, Inc.
- San Francisco, CA
- http://www.corelight.com
- info@corelight.com
Repositories
-
Ansible-Software-Sensor
Ansible Role to install and configure Corelight Software Sensors
-
corelight-client
Corelight Sensor API command-line client
-
Ansible-Suricata-update-cron-job
Ansible Role to run Suricata-update via a cron job from a dedicated host to update Suricata rules for Corelight Sensors (Software Sensors and Physical Sensors, even Fleet-managed sensors).
-
icannTLD
Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of the ICANN TLDs can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user…
-
ecs-mapping
Mapping Corelight or Zeek data to Elastic Common Schema fields
-
docker-terraform-serverless
Dockerfile building Serverless with Terraform for CI/CD
-
Dashboards-Splunk-DNS-Hunting-Beaconing
DNS Dashboard for hunting and identifying beaconing
-
CVE-2020-5902-F5BigIP
A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.
-
zeek-community-id
Zeek support for "community ID" flow hashing.
-
bro-quic
Bro analyzer that detects Google's QUIC protocol
-
bro-xor-exe-plugin
Bro plugin to detect and decrypt XOR-encrypted EXEs
-
SIGRed
Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)
-
json-streaming-logs
Bro script package to create JSON formatted logs to stream into data analysis systems.
-
ripple20
A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.
-
json-tcp-lb
Line-based TCP load-balancing proxy.
-
docker-fleet-api-ci
Ubuntu-based builder including Go, NPM and Ruby tool FPM (for fleet-api)
-
top-dns
Top DNS Measurement for Bro
-
callstranger-detector
Zeek Plugin that detects CallStranger (CVE-2020-12695) attempts (http://callstranger.com/)
-
bro-long-connections
Bro package for tracking long connections to report them before they have completed.
-
cwrap
Auto wrap C and C++ functions with instrumentation
-
docker-latex-sphinx
Documentation generator capable of producing PDFs using LaTeX and Sphinx
-
docker-aws-sphinx
Alpine-based builder/publisher for documentation with aws-cli and Sphinx
-
zeek-sonification
Simple tools to allow you to "listen" to your Zeek logs - hear days' worth of network activity in seconds!

