Corelight Bright Ideas Blog

Featured Post

May 29, 2025

Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

Network Detection and Response (NDR) has emerged as a must-have capability of modern security operations (SecOps). NDR provides deep visibility, detection of advanced threats that evade other security tools, and rapid response capabilities to address the SecOps challenges of incomplete visibility, detection gaps, high SIEM and storage costs, and... Read more »

Additional Posts

Writing a Zeek package in TypeScript with ZeekJS

By Simeon Miteff – October 26, 2023

Zeek® is the world’s most widely used network security monitoring platform and is the foundation for Corelight network evidence. In this blog I share how to write a Zeek package in TypeScript with a new capability called ZeekJS that was released as... Read more »

Turning the tables on the infiltrator

By Ben Reardon – October 16, 2023

This article was originally featured in TechBeacon. Read more »

Black Hat USA 2023 NOC: Five takeaways for SOC teams

By Mark Overholser – October 13, 2023

During this year’s Black Hat in Las Vegas, I learned (or was reminded of) many lessons working alongside my Corelight colleagues and Black Hat Network Operations Center (NOC) teammates from Arista, Cisco, Lumen, NetWitness and Palo Alto Networks.... Read more »

Enhance your search experience within Splunk by using the Corelight App

By James Schweitzer – October 11, 2023

The Corelight App for Splunk provides the foundation for organizations to boost SOC effectiveness and productivity by using Corelight data in Splunk. In this blog, I’ll walk through how the Corelight App leverages Splunk’s Common Information Model... Read more »

Using Corelight to Identify Ransomware Blast Radius

By Chris Brown – September 29, 2023

Over the past few months, ransomware targeting healthcare organizations has been on the rise. While ransomware is nothing new, targeting healthcare organizations, at the extreme, can impact an organization’s ability to engage in anything from... Read more »

How Can Kill Webs Change Security Thinking?

By Richard Bejtlich – September 21, 2023

In my previous article, I proposed ways that modern network-derived evidence applies to the cyber kill chain—a concept created by Eric Hutchins, Michael Cloppert, and Rohan Amin that changed how security teams approach defending their digital... Read more »

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

By Ben Reardon – September 15, 2023

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the... Read more »

How Does the Kill Chain Apply to Network-Derived Evidence?

By Richard Bejtlich – September 12, 2023

When Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin published their paper “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” in late 2010, they changed the way security... Read more »

Detecting Gozi Banking Malware

By Keith J. Jones – September 7, 2023

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your... Read more »

Detections and Findings using Corelight in the Black Hat Asia NOC

By Dustin Lee – August 3, 2023

As promised, we wanted to dedicate a blog to detections and findings from the network operations center (NOC) at Black Hat Asia 2023 as a follow up to our Lessons Learned blog. Some of these discoveries may not surprise the seasoned analyst or... Read more »

Load Older Posts