Expanded Suricata detections with Dtection.io

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we recognize that other feeds - like the ones from Crowdstrike or private industry groups - often make excellent additions to the ET Pro set. Today we’re pleased to announce we are providing our customers with a new core recommendation: Dtection.io.

The new signatures come in two groups. The first is designed to detect lateral movement within your network, both via generic techniques and via more specific detection of well-known tools in the space; every signature in this group carries MITRE ATT&CK alignment in its alert metadata.

The second group focuses on connections to sinkhole IP addresses. While it is available in Suricata format, we have also worked with the Dtection.io crew to distribute it in Zeek Intel format, which performs substantially better than the equivalent Suricata signatures.
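To show why a sinkhole list fits the Zeek Intel format better than per-IP Suricata rules, here is an added example (not Dtection.io's or Corelight's code) that parses constructed single-IP Suricata alert rules, emits the equivalent Zeek Intel input lines, and matches sample connection destinations with a single set lookup; the rule text, IPs, and feed name `sinkhole-feed` are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample rules in the shape of sinkhole-IP Suricata alerts (RFC 5737 test addresses).
SAMPLE_RULES = """\
alert ip $HOME_NET any -> 192.0.2.10 any (msg:"SINKHOLE Known sinkhole 192.0.2.10"; sid:9000001; rev:1;)
alert ip $HOME_NET any -> 198.51.100.7 any (msg:"SINKHOLE Known sinkhole 198.51.100.7"; sid:9000002; rev:1;)
# comment line of the kind a feed may contain
alert ip $HOME_NET any -> 203.0.113.55 any (msg:"SINKHOLE Known sinkhole 203.0.113.55"; sid:9000003; rev:1;)
"""

# Matches "alert ip <src> <sport> -> <dst-ip> <dport> (<options>)" with a literal IPv4 destination.
RULE_RE = re.compile(
    r'^alert\s+ip\s+\S+\s+\S+\s+->\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+'
    r'\((?P<opts>.*)\)\s*$'
)
MSG_RE = re.compile(r'msg:"(?P<msg>[^"]*)"')


def parse_sinkhole_rules(text: str) -> List[Dict[str, str]]:
    """Extract destination IP and msg from single-IP Suricata alert rules; skip blanks/comments."""
    out: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue  # not a single-IP rule of the expected shape
        msg = MSG_RE.search(m.group("opts"))
        out.append({"ip": m.group("ip"), "desc": msg.group("msg") if msg else ""})
    return out


def to_zeek_intel(rules: List[Dict[str, str]], source: str = "sinkhole-feed") -> str:
    """Render Zeek Intel framework input: a #fields header, then one tab-separated row per indicator."""
    header = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.do_notice"
    rows = [f"{r['ip']}\tIntel::ADDR\t{source}\t{r['desc']}\tT" for r in rules]
    return "\n".join([header, *rows]) + "\n"


def matches_sinkhole(rules: List[Dict[str, str]], conn_dst_ips: List[str]) -> List[str]:
    """One hash-set membership test per connection, instead of one signature per sinkhole IP."""
    sinkholes = {r["ip"] for r in rules}
    return [ip for ip in conn_dst_ips if ip in sinkholes]


if __name__ == "__main__":
    parsed = parse_sinkhole_rules(SAMPLE_RULES)
    print(to_zeek_intel(parsed))
    print(matches_sinkhole(parsed, ["10.0.0.5", "203.0.113.55", "8.8.8.8"]))
```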

These new rules are available for Corelight customers at no charge through our strong working relationship with 3Coresec, creators of the Dtection.io project. We share their philosophy of focusing on detections that have high signal-to-noise ratios, and are excited to bring their quality content to our platform.

Corelight customers looking to take advantage of these new, free detections should reach out to their local Corelight sales team to enable access. If there are other feeds that you feel we should be incorporating, please let us know.

By Alex Kirk, Corelight Global Principal for Suricata
