Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

Stories by Stan

Corelight

Corelight data and LLMs

Accelerate alert analysis with Corelight’s LLM prompts for Suricata and Corelight data, featuring summaries, threat analysis, and next steps.

Stan Kiefer Jul 31, 2025

Corelight

Black Hat Asia 2025 NOC: Headfirst into the (Un)Known

Four days in the Black Hat Asia 2025 NOC showed me why the network is “the source of truth”—and why even powerful tools need smart tuning to cut...

Stan Kiefer May 19, 2025

Zeek

Enriching NDR logs with context

We show how enriching Zeek® logs with cloud and container context makes it faster to tie interesting activity to the container or cloud asset...

Stan Kiefer Jun 2, 2022

Zeek

Spotting Log4j traffic in Kubernetes environments

We demonstrate how the visibility of network traffic passing between pods and containers within the K8s network can be utilized to detect a log4j...

Stan Kiefer May 10, 2022

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response