Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Enhance your search experience within Splunk by using the Corelight App

By James Schweitzer – October 11, 2023

The Corelight App for Splunk provides the foundation for organizations to boost SOC effectiveness and productivity by using Corelight data in Splunk. In this blog, I’ll walk through how the Corelight App leverages Splunk’s Common Information Model... Read more »

Small, fast and easy. Pick any three.

By Seth Hall – November 17, 2020

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »

What did I just see? Detection, inference, and identification

By Richard Bejtlich – July 29, 2019

In the course of my network security monitoring work at Corelight, I’ve encountered the terms detection, inference, and identification. In this post I will examine what these terms mean, and how they can help you describe the work you do when... Read more »

Hello, my name is??

By Vince Stoffer – June 10, 2019

Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities

By Richard Bejtlich – May 22, 2019

Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop offered with most Windows operating system platforms. This... Read more »

Network Security Monitoring, a requirement for Managed Service Providers?

By Richard Bejtlich – May 20, 2019

Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some examples: Read more »

Corelight + Chronicle Backstory: Technology integration brings all the right data at the right time for customers

By Allen Male – March 25, 2019

At the recent RSA Conference, Chronicle launched Backstory, a new security analytics platform, and we are pleased to share that Corelight is part of the Chronicle Index Partner program. Read more »

First, Do No Harm

By Richard Bejtlich – March 13, 2019

When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does not actually appear in the Greek, and that the origins are more... Read more »

Corelight: #winning in Network Security

By Alan Saldich – March 4, 2019

2018 was undoubtedly a banner year for Corelight. We closed out 2018 with many successes under our belt that reflect the hard work of our people: We more than quadrupled our sales year-over-year and more than doubled our customer base and employee... Read more »

Astronomers and Chemists

By Brian Dye – February 27, 2019

Scale is a great word, because its meaning is truly in the eye of the beholder. To an astronomer, it might mean millions of light years. To a chemist, nanometers. In the network security monitoring (NSM) world, Corelight is enabling scale in two... Read more »