Corelight Bright Ideas Blog

Featured Post

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of... Read more »

Additional Posts

Detecting Abuse of NetSupport Manager

By Tillson Galloway – September 11, 2024

Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

Unparalleled Visibility and Threat Detection for SSE Environments

By Ed Smith – September 10, 2024

As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security... Read more »

A few notes from a CISA anger translator

By Brian Dye – August 8, 2024

My weekly dose of Risky.biz led me to CISA’s advisory on SILENTSHIELD, which described their months-long red team exercise and resulting remediation at a federal agency. My browser backlog happened to have their APT40 advisory from just a few days... Read more »

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

By Todd Morneau – August 6, 2024

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with... Read more »

Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends

By Allen Marin – July 18, 2024

In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and... Read more »

Corelight recognized for SaaS and Cloud Identity Applications Security in the Gartner Competitive Landscape Report*

By Alyssa Ideboen – July 18, 2024

The cybersecurity landscape is evolving, and Network Detection and Response (NDR) solutions are becoming indispensable for consistent visibility across an increasing attack surface. In the Competitive Landscape for NDR research, Gartner® claims that... Read more »

Black Hat NOC: Zero Trust…but Verify | Corelight

By Mark Overholser – July 8, 2024

Zero Trust…but Verify The Black Hat network is unlike an enterprise network. The network operations center (NOC), which Corelight helps to operate, sees traffic that would never be permissible on most enterprise networks. Still, in many ways the... Read more »

Detecting The Agent Tesla Malware Family

By Keith J. Jones – July 2, 2024

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple... Read more »

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

By Allen Marin – June 26, 2024

Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Read more »

Simplify SOC analyst experience with the enhanced Corelight Splunk App

By Claudio Cruz – May 29, 2024

Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

Additional Posts

Detecting Abuse of NetSupport Manager

Unparalleled Visibility and Threat Detection for SSE Environments

A few notes from a CISA anger translator

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends

Corelight recognized for SaaS and Cloud Identity Applications Security in the Gartner Competitive Landscape Report*

Black Hat NOC: Zero Trust…but Verify | Corelight

Detecting The Agent Tesla Malware Family

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

Simplify SOC analyst experience with the enhanced Corelight Splunk App

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!