START HERE
WHY CORELIGHT
SANS Protects: The Network
Threat hunting guide
SERVICES
ALLIANCES
USE CASES
Corelight now powers CrowdStrike solutions and services
Alerts, meet evidence.
5 Ways Corelight Data Helps Investigators Win
Thinking like a Threat Actor: Hunting the Ghost in the Machine
Don't trust. Verify with evidence
NDR for Dummies
The Power of Open-Source Tools for Network Detection and Response
The Evolving Role of NDR
Detecting 5 Current APTs without heavy lifting
Home
››
Explore Corelight evidence in Humio Community Edition
Explore Corelight evidence in Humio Community Edition
April 19, 2022 by Ed Smith
Subscribe to blog
X
Sign up for blog updates
Now available: A free and easy way to learn about Humio and Corelight.
As part of our alliance partnership with CrowdStrike and Humio, Corelight is excited to announce a new collaboration that allows our customers and the community to experience the value of evidence.
Starting today, Corelight example evidence is automatically available on the main screen of Humio Community Edition. The Corelight evidence is a continuous loop of network data taken from a Corelight sensor that includes DNS, HTTP, RDP, files, SSL, SSH, X509, and Suricata IDS detections. The example Corelight evidence is already ingested and parsed in Humio to ensure relevant fields are available for search. You can also use the evidence to explore the dashboards and queries included in the Corelight Sensor package and the Threat Hunting Guide package, both of which are available in the Humio Package Marketplace.
Ready to try it out? Head over to the Humio blog for instructions on how to get started along with suggestions on how to use the sample evidence to find suspicious files, visualize connections using Sankey diagrams, and create custom alerts.
By Ed Smith, Senior Product Marketing Manager, Corelight
Tagged With: network detection response, DNS, network visibility, data, IDS, NDR, SSH, SSL, Suricata, HTTP, RDP, Humio, Crowdstrike, network evidence, Humio Community Edition, Sankey diagrams
Search
Recent Posts
Categories
- #winning (1)
- 0-day (3)
- 100G (1)
- 3CoreSec (1)
- 5G (1)
- Aarch64 (1)
- Aashish Sharma (1)
- abuse (1)
- Accel (1)
- Accept-Encoding (1)
- AFCERT (1)
- agent forwarding (1)
- Alan Saldich (2)
- Alert AA21-131A (1)
- Amazon (2)
- Amazon GuardDuty (1)
- Amazon Machine Image (1)
- Amazon Virtual Private Cloud (3)
- Amber Graner (1)
- AMI (1)
- analytics (1)
- Announcements (24)
- Anthony Kasza (3)
- AP 5000 (1)
- apache (1)
- Apache Spark (1)
- API (1)
- Application Layer Infrastructure Visibility (1)
- APT (2)
- APT39 (2)
- APT40 (2)
- Arch (1)
- ASIM (1)
- authentication (1)
- authentication protocol (1)
- award (1)
- AWS (9)
- AWS Fargate (1)
- AWS GWLB (1)
- AWS Kinesis (1)
- AWS re:Inforce (1)
- AWS Simple Storage (1)
- AWS Well-Architected (1)
- Azure Kubernetes (1)
- Azure Sentinel (3)
- Azurescape (1)
- Backstory (1)
- Bad Neighbor (1)
- behavioral detections (1)
- Berkeley Packet Filter (1)
- BGP (1)
- Big-IP (2)
- BIRT (1)
- bitcoin mining (1)
- Blackberry (2)
- BlackHat (2)
- blue team (1)
- Boa web server (1)
- BPF syntax (1)
- Brave (1)
- Brian Dye (2)
- Bro (36)
- Bro Foundation (1)
- Bro scripting language (4)
- BroCon (3)
- Broker (2)
- bruteforce (1)
- Business Incident Response (1)
- Business Insider (1)
- BusinessInsider (1)
- BZAR (1)
- C2 (5)
- CAF (1)
- CallStranger (2)
- Capture the Flag (1)
- ChaChi (2)
- change handler (1)
- Chris Inglis (2)
- Christian Kreibich (2)
- Chrome (2)
- Chronicle (1)
- Chronicle Backstory (1)
- CIM-compliant (1)
- CIO (1)
- ciphertext (1)
- CIRT (3)
- CISA (5)
- Cisco (4)
- Cisco Talos (1)
- CISO (1)
- cloud (2)
- Cloud Packet Mirroring (1)
- cloud security (2)
- Cloud Sensor (2)
- Cloudflare (1)
- CMDB (1)
- Cobalt Strike (1)
- Cobalt Strike C2 (1)
- command and control (7)
- Commonwealth Games (1)
- Community ID (4)
- Computer Incident Response Team (1)
- config.log (1)
- configuration framework (2)
- conn.log (10)
- connection protocol (1)
- container (1)
- container monitoring (2)
- continuous diagnostic monitoring (CDM) (1)
- Core Collection (1)
- Corelight (32)
- Corelight API (3)
- Corelight Investigator (3)
- Corelight Labs (31)
- Corelight open source (1)
- Corelight Sensor (17)
- Corelight Technical Add-on (1)
- Corelight vs. Open-Source (4)
- Corelight@Home (3)
- covid-19 (2)
- CPE (1)
- credential stuffing (1)
- Crowbar (1)
- Crowdstrike (4)
- CSO (2)
- CTF (1)
- Curveball (1)
- custom packages (1)
- CVE (1)
- cve-2018-13379 (1)
- CVE-2019-19521 (1)
- CVE-2020-0601 (2)
- cve-2020-0688 (1)
- CVE-2020-12695 (2)
- CVE-2020-1350 (1)
- CVE-2020-13777 (2)
- CVE-2020-1472 (1)
- CVE-2020-16898 (1)
- cve-2020-17144 (1)
- CVE-2020-5902 (2)
- CVE-2021-1675 (1)
- CVE-2021-34527 (1)
- CVE-2021-42292 (1)
- CVE-2021-44228 (3)
- CVE-202131166 (1)
- CVE-2022-22954 (1)
- CVE-2022-23270 (1)
- CVE-2022-24491 (1)
- CVE-2022-24497 (1)
- CVE-2022-26809 (1)
- CVE-2022-26937 (1)
- CVE10 (1)
- CVEs (1)
- CVSS10 (1)
- CyberDefenseMagazine (1)
- cybersecurity (18)
- Cybersecurity Excellence Award (1)
- DarkSide (1)
- data (4)
- data enrichment (1)
- data exfiltration (1)
- data lake (4)
- Data Reduction packages (1)
- data science (1)
- data visualization (1)
- Databricks (1)
- DCE/RPC (2)
- DDos (2)
- Defense Federal Acquisition (1)
- denial of service (1)
- deployment (1)
- Detection (5)
- DevSecOps (1)
- dfir (2)
- disclosure (1)
- DLL (1)
- DLP (1)
- DNS (20)
- DNS traffic visibility (1)
- dns.log (4)
- DoH (2)
- DOS (1)
- DoT (1)
- dtection.io (1)
- Duo (1)
- east-west (3)
- EC2 (2)
- Echo Reply (1)
- Echo Request (1)
- ECS (2)
- EDR (4)
- Elastic (8)
- Elastic Common Schema (1)
- Elastic Kubernetes (1)
- election infrustructure (1)
- election security (1)
- Elliptic Curve Cryptography (1)
- Emotet (1)
- Employee Spot Light (5)
- encrypted traffic (15)
- encrypted traffic collection (8)
- encryption (11)
- endpoint detection and response (2)
- entity collection (1)
- eSet (1)
- ESNET (1)
- ETC (1)
- evidence (1)
- evidence-based security strategy series (5)
- evidence-based strategy (5)
- Exabeam (1)
- Excel (1)
- executive order (1)
- exfiltration (1)
- extensibility (2)
- extensible (1)
- F5 (2)
- FCEB (1)
- featured (11)
- Federal (5)
- Federal Acquisition Regulation (1)
- Fedora (1)
- file analysis framework (1)
- Filed Under: Announcements, Product, Zeek (1)
- Filed Under: Network Security Monitoring (2)
- files.log (5)
- filter language (1)
- FireEye (1)
- firefox (2)
- firewall (1)
- flame graphs (1)
- Fleet Manager (4)
- fork-and-filter (1)
- Fortinet (1)
- ftp (2)
- funding (1)
- gateway (1)
- GCP (1)
- GDPR (1)
- General Electric (1)
- GitHub (16)
- GKE (1)
- glibc (1)
- GnuTLS (2)
- Godlua (1)
- goDoH (1)
- Google (3)
- Google GCP (2)
- Google Kubernetes (3)
- google-perftools (1)
- government (1)
- gperftools (1)
- Greg Bell (3)
- GUI (1)
- HASSH (2)
- HELK (1)
- high availability (1)
- high-fidelity traffic (1)
- Hildegard malware (1)
- home networks (1)
- Howard Samuels (1)
- html (1)
- HTTP (17)
- HTTP Logs (1)
- http.log (3)
- HTTP.sys (1)
- HTTPS (10)
- Humio (7)
- Humio Community Edition (1)
- IaaS (4)
- IAM (1)
- ICMP (3)
- ICMP RFC 792 (1)
- ICS (1)
- identification (1)
- IDS (8)
- incident responder (2)
- Incident response (14)
- Industry (20)
- inference (1)
- information leakage (1)
- infosec (2)
- Input Framework (2)
- insider threat (2)
- integration (1)
- Intel framework (1)
- Intezer (1)
- intrusion detection (5)
- investment (1)
- IOC (3)
- IoT (4)
- IP (1)
- IP address (1)
- IPS (2)
- IPSec (1)
- IPv6 (1)
- IRC (1)
- ISP (2)
- ja3 (11)
- ja3s (6)
- James Schweitzer (1)
- Java (2)
- Jean Schaffer (2)
- Joe Sandbox (1)
- Johanna Amann (2)
- John Lambert (1)
- Joy Bonaguro (1)
- JSOF (1)
- JSON (11)
- json+https (1)
- Jupyter notebooks (1)
- Kafka (4)
- Kafka Streams (2)
- Kaseya (1)
- Keith Jones (2)
- keystrokes (1)
- killchain (1)
- Kokotap (1)
- Ksniff (1)
- kubernetes (4)
- LAN (1)
- Lateral Movement (1)
- LateralMovement (1)
- Lawrence Berkeley Labs (5)
- LDAP (4)
- LDAP log analyzer (1)
- Leadership Team (3)
- libc (1)
- Linux (7)
- load balancer (1)
- log4j (6)
- log4shell (6)
- logs (8)
- M-22-09 (1)
- machine learning (1)
- malware (5)
- malware detection (1)
- malware infection (1)
- MalwareJake (1)
- Mandiant (2)
- Matrix ransomware (1)
- McAfee (1)
- memory allocator (1)
- metadata (1)
- microsoft (10)
- Microsoft Azure (3)
- Microsoft Patch Tuesday (5)
- MIME types (1)
- misconfiguration (1)
- MISP (2)
- MITM (1)
- MITRE (8)
- MITRE ATT&CK (16)
- Mizu (1)
- mozilla (1)
- MS-RDPBCGR (1)
- MS-RDPEUD2 (1)
- MS-RDPEUDP (1)
- MSP (1)
- MSSP (2)
- MTU (1)
- MyStatsInfo (1)
- nation state threats (1)
- National Cyber Director (1)
- National Cyber Strategy (1)
- National Science Foundation (1)
- NCC Group (1)
- NDR (27)
- ne (1)
- NetControl (1)
- NetControl framework (1)
- Netflow (4)
- Netlogon (1)
- network data (1)
- network detection response (32)
- network evidence (14)
- network intrusion detection system (1)
- Network IOC (1)
- network monitoring (2)
- network security (56)
- Network Security Monitoring (72)
- network traffic (3)
- network traffic analysis (38)
- network visibility (34)
- networksecurity (2)
- NIC (2)
- NIDS (2)
- north-south (1)
- Notice Framework (1)
- notice.log (1)
- NSA (1)
- NSM (18)
- NTA (7)
- OIP (1)
- OMB (3)
- OPEN ruleset (1)
- open source (23)
- open source community (19)
- OpenBSD (1)
- OpenSSL (1)
- Opera (1)
- Optus (1)
- Orion (1)
- OSquery (1)
- osquery integration (1)
- package manager (2)
- packet broker (1)
- PacketTotal (1)
- Palo Alto Networks (3)
- PANW (1)
- partner (1)
- Partnership (18)
- PAS (1)
- Paul Dokas (2)
- PCAP (17)
- perftools (1)
- Phantom (1)
- phishing (1)
- Pingback (1)
- playbooks (1)
- PoC (1)
- polaris (1)
- port 443 (1)
- port scanning (2)
- Powershell (1)
- PPTP (1)
- President Biden (1)
- PrintNightmare (1)
- Product (28)
- Proofpoint Emerging Threats (1)
- pselect6 (1)
- PsiXbot (1)
- PT (1)
- public-key cryptography (1)
- Python (2)
- Qualys (1)
- ransomware (2)
- Rasberry Pi (1)
- Raspberry Pi (3)
- RAT (2)
- RBAC (1)
- RCE (2)
- RDP (7)
- rdp.log (1)
- RDPBCGR (1)
- RDS (1)
- REC (1)
- redefs (1)
- Redis (1)
- RedXOR (1)
- Regulation (1)
- remote access trojan (2)
- Remote Code Execution (2)
- Remote Desktop Services (1)
- remote workers (1)
- RESTful API (1)
- reverse tunnel (1)
- REvil (1)
- RFC4443 (1)
- RFC8106 (1)
- Richard Bejtlich (30)
- Ripple20 (2)
- risk (1)
- Robin Sommer (2)
- router (1)
- RSA (7)
- RSA Conference (4)
- Russian cyberattacks (1)
- SAAS (3)
- sandboxing (2)
- Sankey diagrams (1)
- SANS (7)
- scripts (1)
- SDS (1)
- Secura (1)
- Secure Shell (2)
- security (1)
- Security Operations Center (3)
- SentinelOne (1)
- Series A (1)
- Series B (1)
- SERVFAIL (2)
- ServiceNow (2)
- Seth Hall (3)
- SFTP (1)
- SHA-1 (1)
- SHA1 (1)
- SharePoint (1)
- SharpRDP (1)
- SIEM (26)
- Sigma (6)
- Sigma rules (1)
- SIGRed (1)
- Smart PCAP (1)
- SMB (4)
- SMB analysis (1)
- SMB3 (1)
- SMTP (5)
- sniffer sidecar (1)
- Snowden (1)
- SOAP (1)
- SOAR (1)
- SOC (16)
- SOC Prime (2)
- software (1)
- SOHO (1)
- Solarigate (2)
- SolarWinds (5)
- Sounil Yu (1)
- SPAN port (1)
- span ports (1)
- spearphising (1)
- specialized hardware (1)
- Spicy framework (1)
- Splunk (18)
- Splunk App (1)
- Splunkbase (1)
- SSH (14)
- SSH Exploit (1)
- SSL (10)
- ssl.log (5)
- SSL/TLS (1)
- strace (1)
- SUNBURST (7)
- supply chain (1)
- Surica (1)
- Suricata (20)
- Symantec (1)
- syslog (2)
- TAG Cyber (1)
- Tagged With: APT, BIRT, BlackHat, Business Inciden (1)
- Tagged With: Community ID, JSON, NDR, network dete (1)
- TAPs (2)
- Tbps (1)
- tcmalloc (1)
- TCP (8)
- Tcpdump (1)
- technology add-on (1)
- Telegram (1)
- Tenable (1)
- Terraform (1)
- thought leadership (5)
- threat hunter (5)
- threat hunting (11)
- threat intelligence (1)
- TLS (20)
- TLS 1.2 (2)
- TLS 1.3 (5)
- Tor (1)
- tracking files (1)
- traffic mirroring (1)
- traffic parsing (1)
- transport layer protocol (1)
- TReck (1)
- Trustwave (1)
- tshark (1)
- TTPs (4)
- Ubiquiti (1)
- ubuntu (1)
- UC Berkeley (2)
- UID (1)
- unauthorized access (1)
- Uncategorized (3)
- Unix (2)
- UPnP (1)
- URL (1)
- USENIX (1)
- Vectra (1)
- Verizon FIOS (1)
- Vern Paxson (9)
- Vince Stoffer (1)
- Virtual Private Cloud (1)
- virtual sensor (1)
- Vlad Grigorescu (1)
- VLAN (1)
- VM (1)
- VMware (1)
- VPC (4)
- VPN (4)
- vulnerability (4)
- webinar (1)
- weird.log (2)
- Whonix (1)
- Windows (2)
- Windows CryptoAPI (1)
- Windows NFS Portmap (1)
- Windows Server (2)
- WinRM (1)
- wiper malware (1)
- Wireshark (7)
- X509 (1)
- x509.log (4)
- XDR (1)
- Yacin Nadji (2)
- YARA (1)
- YouTube video (2)
- ZDNet (1)
- Zeek (107)
- Zeek Logs (15)
- Zeek Package Monitor (1)
- zeek week (1)
- ZeekWeek (7)
- zero day exploit (3)
- zero trust (3)
- Zerologon (1)
- Zscaler (1)
Archives
- March 2023 (1)
- January 2023 (2)
- December 2022 (3)
- November 2022 (2)
- October 2022 (4)
- September 2022 (1)
- August 2022 (1)
- July 2022 (1)
- June 2022 (2)
- May 2022 (9)
- April 2022 (5)
- March 2022 (3)
- February 2022 (3)
- January 2022 (1)
- December 2021 (4)
- November 2021 (5)
- October 2021 (2)
- September 2021 (2)
- August 2021 (2)
- July 2021 (3)
- June 2021 (2)
- May 2021 (9)
- April 2021 (3)
- March 2021 (4)
- December 2020 (2)
- November 2020 (3)
- October 2020 (3)
- September 2020 (3)
- August 2020 (3)
- July 2020 (3)
- June 2020 (7)
- May 2020 (2)
- April 2020 (1)
- March 2020 (2)
- February 2020 (3)
- January 2020 (2)
- December 2019 (2)
- November 2019 (4)
- October 2019 (2)
- September 2019 (2)
- August 2019 (1)
- July 2019 (3)
- June 2019 (4)
- May 2019 (5)
- April 2019 (4)
- March 2019 (4)
- February 2019 (2)
- January 2019 (2)
- December 2018 (1)
- November 2018 (1)
- October 2018 (2)
- September 2018 (3)
- August 2018 (1)
- July 2018 (1)
- June 2018 (1)
- May 2018 (1)
- April 2018 (1)
- March 2018 (2)
- February 2018 (1)
- January 2018 (1)
- December 2017 (1)
- November 2017 (1)
- September 2017 (3)
- August 2017 (1)
- July 2017 (1)
- June 2017 (1)
Authors
- Al Smith (1)
- Alan Saldich (2)
- Alex Kirk (7)
- Allen Male (1)
- Amber Graener (1)
- Anthony Kasza (5)
- Ben Reardon (7)
- Bernard Brantley (1)
- Brian Dye (8)
- Charles Strauss (2)
- Christian Kreibich (3)
- Corelight (3)
- Corelight Labs Team (18)
- Ed Amoroso, founder and CEO of TAG Cyber (guest) (1)
- Ed Smith (5)
- Gary Fisk (1)
- Gregory Bell (4)
- Howard Samuels (1)
- James Schweitzer (1)
- Jamie Brim (1)
- Jean Schaffer (7)
- Johanna Amann (3)
- John Gamble (7)
- Jon Natkins (1)
- Joy Bonaguro (1)
- Justin Azoff (1)
- Keith J. Jones (1)
- Kelley Misata (1)
- Lana Knop (1)
- Nick Hunter (1)
- Paul Dokas (1)
- Richard Bejtlich (30)
- Ricky Lin (1)
- Robin Sommer (2)
- Roger Cheeks (4)
- Ryan Victory (1)
- Sara Shuman (2)
- Sarah Banks (2)
- Seth Hall (3)
- Stan Kiefer (2)
- stevesmoot (1)
- Tim Wojtulewicz (1)
- Todd Morneau (1)
- Vern Paxson (2)
- Vijit Nair (5)
- Vince Stoffer (10)
- Yacin Nadji (2)