CONTACT US
Download our free guide to find hidden attackers.

Find hidden attackers with Open NDR

SEE HOW

volt-typhoon-warning

Detect advanced attacks with Corelight

SEE HOW

cloud-network

Corelight announces cloud enrichment for AWS, GCP, and Azure

READ MORE

partner-icon-green

Corelight's partner program

BECOME A PARTNER

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

Corelight

Hunting at Black Hat Asia 2025: There’s a First Time for Everything

Want to hunt at Black Hat Asia? It was January 2025 and it was a new year at a new job. I had just started at Corelight as a member of the TME team and received an invitation to work Black Hat Asia as a threat hunter in the Black Hat Network... Read more »

Black Hat Asia 2025 NOC: Headfirst into the (Un)Known

I have been working in the cyber security space for over 25 years. I have spent time in security operations centers (SOCs) within the US Department of Defense, taught cyber warfare operators, secured large enterprise networks and, most recently,... Read more »

Dispatch from Black Hat Asia 2025: To err is (still) human

Black Hat Asia 2025 has come and gone, and it was another whirlwind of a conference. Thank you to our partners—Arista, Cisco, MyRepublic, and Palo Alto Networks—for making it a successful conference! It’s an exhilarating experience: sitting in the... Read more »

Edge exploits, EDR blind spots, 51-second breakouts

For every advancement in defense, attackers supply the equal and opposite adaptation. In the last few years EDRs have become so effective that adversaries have radically shifted gears. That shift shows up unmistakably in three heavyweight... Read more »

Cloud your way: Expanding threat visibility to meet the unique needs of your business

Let’s face it: The cloud has become the go-to platform for modern infrastructure—and for good reason. Scalability, flexibility, and speed are hard to beat. But as organizations increasingly rely on the cloud to run their critical operations, the... Read more »

Your network evidence, your SIEM, your way: Corelight’s open SIEM strategy empowers SOCs with a unified experience

Security operations centers (SOCs) are under constant pressure to keep their organizations secure, while battling alert fatigue, tool sprawl, and ever-rising demands for speed and precision. Analysts today face an overwhelming landscape where... Read more »

Detecting The Agent Tesla Malware Family

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple... Read more »

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Read more »

Enhance your search experience within Splunk by using the Corelight App

The Corelight App for Splunk provides the foundation for organizations to boost SOC effectiveness and productivity by using Corelight data in Splunk. In this blog, I’ll walk through how the Corelight App leverages Splunk’s Common Information Model... Read more »

Small, fast and easy. Pick any three.

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »