Corelight Bright Ideas Blog

Featured Post

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of... Read more »

Additional Posts

Expanded Suricata detections with Dtection.io

By Alex Kirk – November 4, 2021

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we... Read more »

Microsoft + Corelight partner to stop IoT attacks

By Ed Smith – November 2, 2021

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security... Read more »

Take the Corelight challenge: Splunk’s Boss of the SOC

By Ed Smith – October 18, 2021

Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for .conf! Read more »

Corelight accelerates OMB logging adoption

By Jean Schaffer – October 7, 2021

In case you missed the Office of Management and Budget (OMB) (memo M-21-31), Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents, let me provide you the information that you need to know... Read more »

Detecting CVE-2021-38647 OMIGOD

By Ben Reardon – September 21, 2021

Researchers at wiz.io recently found a series of vulnerabilities in Windows Open Management Infrastructure (OMI) software, which is widely installed on cloud-based Azure Linux Agents. We have open-sourced a Zeek package for the most severe of these... Read more »

Using Zeek to track communication state

By Paul Dokas – September 21, 2021

One of Zeek's greatest strengths is its ability to deeply inspect packet streams that are fed into it. It is adept not only at identifying network protocols but also parsing them to extract large amounts of useful information. There is another... Read more »

Monitoring networks for Chinese State-Sponsored Cyber Operations

By Alex Kirk – August 18, 2021

The US federal government recently took an unprecedented step in the fight against cyber espionage, publishing detailed technical guidance on tactics and techniques used by Chinese state-sponsored actors. Read more »

Smart PCAP and threat detection in the cloud

By John Gamble – August 3, 2021

I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR support for Suricata across... Read more »

Telegram Zeek, you’re my main notice

By Yacin Nadji – July 28, 2021

Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A... Read more »

What’s next for the National Cyber Director?

By Jean Schaffer – July 14, 2021

As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to solidify a true private/public partnership for raising the cybersecurity posture of the U.S. As I... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

Additional Posts

Expanded Suricata detections with Dtection.io

Microsoft + Corelight partner to stop IoT attacks

Take the Corelight challenge: Splunk’s Boss of the SOC

Corelight accelerates OMB logging adoption

Detecting CVE-2021-38647 OMIGOD

Using Zeek to track communication state

Monitoring networks for Chinese State-Sponsored Cyber Operations

Smart PCAP and threat detection in the cloud

Telegram Zeek, you’re my main notice

What’s next for the National Cyber Director?

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!