Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Community detection: CVE-2020-16898

By Ben Reardon – October 14, 2020

This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scope, we in Corelight Labs immediately set... Read more »

Beating alert fatigue with integrated data

By Alex Kirk – October 7, 2020

More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority of SOCs still unable to process all the alerts... Read more »

Community ID support for Wireshark

By Christian Kreibich – October 6, 2020

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »