Corelight
Data driven detection: Corelight’s approach to AI-powered NDR
Learn how Corelight combines Zeek data, ML, and GenAI workflows to fuel threat hunting, accelerate incident response, and disrupt advanced network...
Corelight Bright Ideas Blog
This is the Custom Rich Text module
Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.
- All
- Zeek
- Network Security Monitoring
- network security
- featured
- NDR
- network detection response
- Corelight
- cybersecurity
- network traffic analysis
- network visibility
- Bro
- SOC
- Corelight Labs
- Richard Bejtlich
- Product
- SIEM
- open source
- Announcements
- threat hunting
- BlackHat
- Industry
- Suricata
- Splunk
- DNS
- PCAP
- TLS
- open source community
- Corelight Sensor
- NSM
- Partnership
- HTTP
- MITRE ATT&CK
- GitHub
- Incident response
- network evidence
- Zeek Logs
- encrypted traffic
- SSH
- microsoft
- encrypted traffic collection
- JSON
- Detection
- IDS
- NOC
- command and control
- encryption
- ja3
- AWS
- HTTPS
- SSL
network traffic analysis
Black Hat NOC: Findings from Europe & thoughts for Asia 2024
See how we used Corelight's Open NDR platform to take an evidence-based security approach at Blackhat Europe 2023.
Dustin Lee
Apr 5, 2024
NDR
Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles
Take a look at an incident we detected, investigated, triaged, and closed using Corelight at Black Hat Las Vegas 2023.
Ben Reardon
Sep 15, 2023
Zeek
Detecting Gozi Banking Malware
I ran into a sample of the Gozi banking malware in the wild. This is how I developed an open source detection package to find it with Zeek.
Keith J. Jones
Sep 7, 2023
network traffic analysis
Detections and Findings using Corelight in the Black Hat Asia NOC
Learn about detections and findings from the network operations center (NOC) at Black Hat Asia 2023.
Dustin Lee
Aug 4, 2023
cybersecurity
Detecting Storm-0558 using Corelight evidence
Learn how to leverage Corelight evidence to detect and analyze activity related to Storm-0558.
Chris Brown
Aug 2, 2023
Zeek
Pingback: ICMP Tunneling Malware
This blog will introduce a method of detecting the Pingback malware in which attackers often hide their communications in ping message payloads.
Corelight Labs Team
May 7, 2021
Zeek
What did I just see? Detection, inference, and identification
Discover what the terms detection, inference, and identification mean, and how they can help you when investigating activity in your environment.
Richard Bejtlich
Jul 30, 2019
Zeek
There’s more to Bro than great network data
In this blog post, find out how Corelight is making it easier to detect threats on your network, and provides even better data to respond to them.
Vince Stoffer
Sep 6, 2018
Zeek
Databricks + Corelight – A powerful combination for cybersecurity, incident response and threat hunting
Here's why Databricks plus Corelight is a powerful combination for cybersecurity, incident response and threat hunting.
Alan Saldich
Jul 17, 2018