Corelight Bright Ideas Blog: NDR & Threat Hunting Blog (20)

The high ground

By Charles Strauss – February 23, 2020

Introducing Corelight’s new story + the value of NTA Read more »

Countering network resident threats

By Richard Bejtlich – February 19, 2020

Vendors often claim that their products or services counter, mitigate, or otherwise affect “nation state threats.” When I worked as a director of incident response at one company, and as a chief security officer at another, claims like these made no... Read more »

12 talks to see at RSA 2020

By Richard Bejtlich – February 9, 2020

RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

Corelight ECS mapping: Unified Zeek data for more efficient analytics

By Ed Smith – January 27, 2020

In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

By Richard Bejtlich – January 16, 2020

On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

Finding truth in the cloud: Google Cloud Packet Mirroring and Corelight Network Traffic Analysis

By Vijit Nair – December 9, 2019

“Remember, all I’m offering is the truth” – Morpheus, from the movie Matrix (1999) Read more »

Detecting OpenBSD CVE-2019-19521 SSH exploit attempts

By Anthony Kasza – December 5, 2019

On December 4, Qualys released a security advisory for an authentication bypass vulnerability in OpenBSD, CVE-2019-19521. The vulnerability affects multiple services in OpenBSD including smtpd, sshd, ldapd, and radiusd. This immediately caught our... Read more »

Light in the darkness: New Corelight Encrypted Traffic Collection

By Vince Stoffer – November 19, 2019

This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

New Corelight app for Splunk: Making network-based threat hunting easier

By Ed Smith – November 18, 2019

Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

Introducing the Corelight SSH Inference package

By Anthony Kasza – November 18, 2019

Corelight has recently released a new package, focusing on SSH inferences, as part of our Encrypted Traffic Collection. The package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.... Read more »

Corelight Bright Ideas Blog

Featured Post

How to level up your technical documentation with Microsoft's style guide and LLMs

Additional Posts

The high ground

Countering network resident threats

12 talks to see at RSA 2020

Corelight ECS mapping: Unified Zeek data for more efficient analytics

Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

Finding truth in the cloud: Google Cloud Packet Mirroring and Corelight Network Traffic Analysis

Detecting OpenBSD CVE-2019-19521 SSH exploit attempts

Light in the darkness: New Corelight Encrypted Traffic Collection

New Corelight app for Splunk: Making network-based threat hunting easier

Introducing the Corelight SSH Inference package

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!