Skip to content
@corelight

Corelight, Inc.

Corelight is the most powerful network visibility solution for information security professionals, founded by the creators of open-source Zeek.

Popular repositories Loading

  1. zeek-cheatsheets zeek-cheatsheets Public

    Zeek Log Cheatsheets

    285 45

  2. community-id-spec community-id-spec Public

    An open standard for hashing network flows into identifiers, a.k.a "Community IDs".

    Python 173 25

  3. threat-hunting-guide threat-hunting-guide Public

    46 11

  4. raspi-corelight raspi-corelight Public

    Corelight@Home script

    Shell 40 5

  5. zeek-community-id zeek-community-id Public

    Zeek support for Community ID flow hashing.

    Zeek 35 18

  6. zeek2es zeek2es Public

    A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!

    Python 35 7

Repositories

Showing 10 of 141 repositories
  • block-corelight-chronicle Public

    Looker Dashboards for Chronicle

    corelight/block-corelight-chronicle’s past year of commit activity
    LookML 1 MIT 5 0 0 Updated Dec 10, 2024
  • corelight-client Public

    Corelight Sensor API command-line client

    corelight/corelight-client’s past year of commit activity
    Python 17 BSD-3-Clause 5 3 2 Updated Nov 27, 2024
  • ecs-templates Public

    Corelight or Zeek Elastic Common Schema Templates

    corelight/ecs-templates’s past year of commit activity
    Python 8 BSD-3-Clause 6 2 0 Updated Nov 27, 2024
  • terraform-azure-sensor Public

    Terraform for Corelight's Azure Cloud Sensor Deployment.

    corelight/terraform-azure-sensor’s past year of commit activity
    HCL 1 MIT 0 0 0 Updated Nov 21, 2024
  • zeekjs Public

    ZeekJS - Experimental JavaScript support for Zeek.

    corelight/zeekjs’s past year of commit activity
    C++ 9 BSD-3-Clause 4 3 1 Updated Nov 21, 2024
  • icannTLD Public

    Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of the ICANN TLD's can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user…

    corelight/icannTLD’s past year of commit activity
    Zeek 6 5 0 0 Updated Nov 14, 2024
  • ExtendIntel Public

    This package extends the Intel package to log more fields

    corelight/ExtendIntel’s past year of commit activity
    Zeek 2 0 0 0 Updated Nov 11, 2024
  • Chronicle Public

    Chronicle parser for CORELIGHT and related information.

    corelight/Chronicle’s past year of commit activity
    Python 3 4 0 0 Updated Nov 8, 2024
  • corelight/Zeek-Endpoint-Enrichment’s past year of commit activity
    Zeek 2 1 0 1 Updated Nov 7, 2024
  • Zeek-Endpoint-Enrichment-conn Public

    Enrich the conn.log with EDR data

    corelight/Zeek-Endpoint-Enrichment-conn’s past year of commit activity
    Zeek 1 0 0 0 Updated Nov 7, 2024