Corelight Bright Ideas Blog

Featured

Inside the mind of a cybersecurity threat hunter part 3: hunting for adversaries moving inside your network

Learn how to use Corelight’s rich network telemetry in CrowdStrike’s Next-Gen SIEM to expose defense evasion and lateral movement inside your network.

Allen Marin Dec 22, 2025

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web...

Corelight Labs Team Nov 30, 2022

Filed Under: Announcements, Product, Zeek

Detecting 5 current APTs without heavy lifting

Corelight Labs looks at three APT toolsets that have been linked to five threat actors, detecting each using relatively simple search logic.

Corelight Labs Team Nov 8, 2022

New position brings new open source opportunities

Dr. Kelley Misata shares her thoughts on why she is excited to join Corelight to lead open source and the new opportunities this role will bring.

Kelley Misata Oct 12, 2022

BOD 23-01: Better visibility to reduce risk

Corelight Federal CTO Jean Schaffer on how validating what asset management and vulnerability detection practices are producing is vital for BOD...

Jean Schaffer Oct 10, 2022

network security

Corelight Investigator: Ready for Europe

Corelight Investigator platform is engaged in attestation for GDPR to support customer threat hunting and incident response operations across Europe.

Sara Shuman Oct 4, 2022

Detecting the Manjusaka C2 framework

In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.

Corelight Labs Team Sep 29, 2022

Detecting CVE-2022-30216: Windows Server Service Tampering

Corelight Labs reviewed a POC exploit for CVE-2022-30216 and wrote a Zeek-based detection and released the package on GitHub.

Tillson Galloway Aug 9, 2022

Network Security Monitoring

The best cybersecurity defense is great evidence

Federal CTO Jean Schaffer explores how evidence - not data - is critical to speed defenders’ knowledge and response capabilities.

Jean Schaffer Jul 19, 2022

network detection response

The evidence bank: leveraging security's most valuable asset

Organizations often implement a data collection strategy out of fear, collecting everything “just in case.” I challenge the assumption.

Bernard Brantley Jun 30, 2022

< 1 2 3 ... 13 ... 29 30 >