Corelight Bright Ideas Blog

Featured

Inside the mind of a cybersecurity threat hunter part 3: hunting for adversaries moving inside your network

Learn how to use Corelight’s rich network telemetry in CrowdStrike’s Next-Gen SIEM to expose defense evasion and lateral movement inside your network.

Allen Marin Dec 22, 2025

All
Zeek
Network Security Monitoring
featured
network security
NDR
Corelight
network detection response
cybersecurity
network traffic analysis
SOC
Bro
network visibility
Corelight Labs
Richard Bejtlich
SIEM
Product
open source
Announcements
threat hunting
Suricata
Splunk
DNS
Industry
PCAP
TLS
BlackHat
open source community
Corelight Sensor
NSM
Partnership
HTTP
MITRE ATT&CK
GitHub
Incident response
Zeek Logs
encrypted traffic
network evidence
SSH
microsoft
encrypted traffic collection
Detection
JSON
command and control
encryption
ja3
AWS
Crowdstrike
HTTPS
IDS
SSL

Zeek

Mixed VLAN tags and BPF syntax

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.

Richard Bejtlich Aug 27, 2020

Zeek

Together is faster: Zeek for vulnerabilities

I love this quote by John Lambert. It perfectly describes the impact network defenders can achieve by pooling resources, insights, and techniques.

Gregory Bell Aug 18, 2020

Partnership

NDR for AWS Well-Architected

Corelight can improve operational excellence, performance, reliability, cost effectiveness, and security results in the AWS cloud.

Roger Cheeks Aug 6, 2020

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response

Corelight Bright Ideas Blog

Inside the mind of a cybersecurity threat hunter part 3: hunting for adversaries moving inside your network

Mixed VLAN tags and BPF syntax

Together is faster: Zeek for vulnerabilities

NDR for AWS Well-Architected

Have questions?

Sign up for our newsletter

We’re hiring!