Corelight Bright Ideas Blog

Featured Post

In the rapidly evolving landscape of large language models (LLMs), the ability to access and synthesize vast amounts of information is paramount. While LLMs excel at generating creative text and understanding complex prompts, their knowledge is often limited to the data used during their training. This is where knowledge bases (a.k.a.... Read more »

Additional Posts

Takeaways from RSA 2024

By Ashish Malpani – May 15, 2024

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference. Read more »

Next-Generation SIEM: Corelight is the Data of Choice

By Todd Wingler – May 7, 2024

For years, the mantra for achieving visibility into potential threats has been the trio of EDR, NDR, and SIEM. These components form the foundation of a robust security posture, with EDR and NDR offering the depth and breadth needed to monitor... Read more »

Fuel for Security AI

By Brian Dye – April 30, 2024

The big idea behind Corelight has always been simple: ground truth is priceless. What really happened, both now and looking back in time. Whether it is used to detect attacks, investigate routine alerts, respond to new vulnerabilities or a full... Read more »

Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

By Sahidya Devadoss – April 24, 2024

In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than just threat detection; it demands comprehensive correlation and analysis for informed decision-making. Understanding the context surrounding an alert is... Read more »

Black Hat NOC: Findings from Europe & thoughts for Asia 2024

By Dustin Lee – April 5, 2024

How quickly a year passes. 2023 was Corelight’s first year participating in the Black Hat Network Operations Center (NOC). It was a tremendous opportunity and responsibility in which we collaborated with teams from Cisco, Palo Alto Networks, Arista,... Read more »

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

By Corelight Labs Team – March 20, 2024

All code discussed in this blog can be pulled from https://github.com/corelight/zeek-asyncrat-detector Read more »

Focus Terrapin patching efforts with Zeek

By Ben Reardon – March 8, 2024

In this blog, we will demonstrate how Zeek’s metadata approach can help focus patching efforts related to the recent SSH “Terrapin” attack. One of the interesting aspects to bear in mind as you read this is that Zeek provides visibility of the... Read more »

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

By Ed Smith – March 1, 2024

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements... Read more »

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

By Allen Marin – February 26, 2024

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common... Read more »

Dual Defenses: 10 Reasons Why NDR Is Essential Alongside EDR

By Ed Smith – January 10, 2024

Editor’s Note (May 2025): This post has been updated to highlight how the Volt Typhoon and Salt Typhoon cyber-espionage campaigns exemplify that EDR evasion is real and why Network Detection and Response (NDR) is essential in modern defense... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

Empowering your LLMs: Unlocking cybersecurity queries with Open WebUI knowledge bases

Additional Posts

Takeaways from RSA 2024

Next-Generation SIEM: Corelight is the Data of Choice

Fuel for Security AI

Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

Black Hat NOC: Findings from Europe & thoughts for Asia 2024

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

Focus Terrapin patching efforts with Zeek

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

Dual Defenses: 10 Reasons Why NDR Is Essential Alongside EDR

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!