Corelight Bright Ideas Blog

Featured Post

In the rapidly evolving landscape of large language models (LLMs), the ability to access and synthesize vast amounts of information is paramount. While LLMs excel at generating creative text and understanding complex prompts, their knowledge is often limited to the data used during their training. This is where knowledge bases (a.k.a.... Read more »

Additional Posts

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

By Ben Reardon – September 15, 2023

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the... Read more »

How Does the Kill Chain Apply to Network-Derived Evidence?

By Richard Bejtlich – September 12, 2023

When Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin published their paper “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” in late 2010, they changed the way security... Read more »

Detecting Gozi Banking Malware

By Keith J. Jones – September 7, 2023

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your... Read more »

Detections and Findings using Corelight in the Black Hat Asia NOC

By Dustin Lee – August 3, 2023

As promised, we wanted to dedicate a blog to detections and findings from the network operations center (NOC) at Black Hat Asia 2023 as a follow up to our Lessons Learned blog. Some of these discoveries may not surprise the seasoned analyst or... Read more »

Detecting Storm-0558 using Corelight evidence

By Chris Brown – August 1, 2023

While there have been many intrusions, compromises, breaches, and incidents that have made news in the IT and InfoSec industries throughout 2022 and into this year, when events or threats like Storm-0558 gain coverage by mainstream media, we often... Read more »

I have trust issues and so does my CISO

By Tim Nolen – July 27, 2023

Trust is hard to earn but necessary for any successful relationship. As organizations build the systems to support Zero Trust, they find themselves balancing security and functionality across their operations. Incident Response and Network... Read more »

How SOCs can level up their PCAP game with Smart PCAP (Part 2)

By Roger Cheeks – July 13, 2023

This is the second in a 2 part series on Corelight Smart PCAP. If you missed Part 1, you can find it here. In terms of unencrypted traffic, several highly used protocols lend themselves to logging and can significantly reduce the burden of packet... Read more »

Extending visibility through our new ICS/OT collection

By Vince Stoffer – June 21, 2023

Increasingly, security teams are tasked with identifying, understanding, and managing risk around devices that may live outside the traditional IT umbrella. Operational Technology (OT) refers to computing systems that are used to manage and process... Read more »

Lessons Learned Deploying Corelight in the Black Hat Asia NOC

By Dustin Lee – June 12, 2023

Last month, Corelight had the distinct privilege of joining Cisco, NetWitness, Palo Alto Networks, Arista, and our internet service provider, MyRepublic, to provide availability and network security overwatch to the Black Hat Asia network in... Read more »

Celebrating CrowdStrike’s New Network Detection Service “Powered by Corelight”

By Allen Marin – June 1, 2023

Several months ago, we announced that our strategic alliance partner CrowdStrike decided to use our Open NDR technology across its professional services portfolio. This wasn’t just a meaningful validation for us—it was also a testament to the... Read more »

Load Older Posts

Corelight Bright Ideas Blog

Featured Post

Empowering your LLMs: Unlocking cybersecurity queries with Open WebUI knowledge bases

Additional Posts

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

How Does the Kill Chain Apply to Network-Derived Evidence?

Detecting Gozi Banking Malware

Detections and Findings using Corelight in the Black Hat Asia NOC

Detecting Storm-0558 using Corelight evidence

I have trust issues and so does my CISO

How SOCs can level up their PCAP game with Smart PCAP (Part 2)

Extending visibility through our new ICS/OT collection

Lessons Learned Deploying Corelight in the Black Hat Asia NOC

Celebrating CrowdStrike’s New Network Detection Service “Powered by Corelight”

Recent Posts

Sign up for our newsletter

Locations

1 (888) 547-9497

We're hiring!