Corelight Bright Ideas Blog

Featured Post

Corelight’s GenAI Accelerator Pack features the industry's first Model Context Protocol (MCP) server, specifically designed to facilitate easier access to detailed network data and alerts for cybersecurity AI agents and enhance the analysis of network security information. Read more »

Additional Posts

Corelight launches the Entity Collection

By Vince Stoffer – December 13, 2022

Corelight Labs, our amazing research team, has been hard at work on another content collection which we are excited to introduce: the Corelight Entity Collection. Read more »

Replace IDS and extend entity visibility

By John Gamble – December 8, 2022

Today, as a part of our v27 software release, we are launching enhanced IDS rules management functionality, extending analyst visibility around hosts, devices, users, and more, and upgrading the Corelight Software Sensor to give customers more NDR... Read more »

Zeek on Windows

By Tim Wojtulewicz – December 5, 2022

Editor's note: This post was originally published on the Zeek.org blog on Nov. 28, 2022. Reposted here in full with permission as a courtesy. Read more »

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

By Corelight Labs Team – November 30, 2022

Editor's note: This blog post was updated on 12/1/22 to add the "Update 12/1/22" and corresponding paragraph added to the end of the blog post. On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT... Read more »

Detecting 5 current APTs without heavy lifting

By Corelight Labs Team – November 8, 2022

The Corelight Labs team prides itself on the ability to create novel Zeek and Suricata detection content that delves deep into packet streams by leveraging the full power of these tools. However this level of additional sophistication is not always... Read more »

New position brings new open source opportunities

By Kelley Misata – October 12, 2022

Today marks the start of ZeekWeek, the annual conference for information technologists who rely on the Zeek® network for security monitoring. Read more »

BOD 23-01: Better visibility to reduce risk

By Jean Schaffer – October 10, 2022

“Knowing what’s on your network is the first step for any organization to reduce risk.” Read more »

Corelight Investigator: Ready for Europe

By Sara Shuman – October 4, 2022

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and... Read more »

Detecting the Manjusaka C2 framework

By Corelight Labs Team – September 29, 2022

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like... Read more »

Detecting CVE-2022-30216: Windows Server Service Tampering

By Tillson Galloway – August 9, 2022

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

Corelight announces industry's first MCP server exposing detailed network data and alerts

Additional Posts

Corelight launches the Entity Collection

Replace IDS and extend entity visibility

Zeek on Windows

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

Detecting 5 current APTs without heavy lifting

New position brings new open source opportunities

BOD 23-01: Better visibility to reduce risk

Corelight Investigator: Ready for Europe

Detecting the Manjusaka C2 framework

Detecting CVE-2022-30216: Windows Server Service Tampering

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!