Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

It all comes down to the data: unlocking the potential of AI in the SOC

By Gregory Bell – October 3, 2025

This is a fascinating moment. Whether you think Generative AI is over-hyped or not, our technology landscape has been shocked by capabilities we couldn’t imagine a few years ago. And I do mean shocked. What’s underway is too rapid and uncanny to... Read more »

Back in the Black Hat NOC: A familiar mission, a new crew

By Blake Cahen – September 29, 2025

There’s nothing quite like the energy of the Black Hat Network Operations Center (NOC). I’ve been lucky to experience it three times before—twice in Las Vegas and once in London—and each time I walked away with new lessons, stories, and a deeper... Read more »

Hunting GTPDOOR: The case of the "Black Hat Positive"

By Ben Reardon – September 29, 2025

Ben Reardon, Lead Researcher Corelight Labs / NOC crew Read more »

Black Hat USA 2025: A grab bag and a half

By Mark Overholser – September 29, 2025

I’ve been to several Black Hat conferences (seven in the last two and a half years, alone) to be a threat hunter in the Network Operations Center (NOC), so I didn’t expect to be surprised by much at this year’s Black Hat USA. Read more »

How to level up your technical documentation with Microsoft's style guide and LLMs

By Keith J. Jones – September 16, 2025

How AI can transform even Microsoft's own documentation to meet its style standards. Read more »

Corelight announces industry's first MCP server exposing detailed network data and alerts

By Ashish Malpani – July 31, 2025

Corelight’s GenAI Accelerator Pack features the industry's first Model Context Protocol (MCP) server, specifically designed to facilitate easier access to detailed network data and alerts for cybersecurity AI agents and enhance the analysis of... Read more »

Corelight data and LLMs

By Stan Kiefer – July 31, 2025

Corelight has been an innovator and leader in AI and Large Language Model (LLM) adoption for almost 2 years. We introduced our first use of LLMs in our Open NDR platform Investigator in November of 2023. Since then, we have continued to push the... Read more »

Unlock peak performance: hardware deduplication for enhanced network visibility

By Varun Bobhate – July 28, 2025

In today's complex network environments, ensuring complete visibility while optimizing resource utilization is paramount. Duplicate network traffic can overwhelm your monitoring infrastructure, create redundant alerts for SecOps, consume valuable... Read more »

Data driven detection: Corelight’s approach to AI-powered NDR

By Brian Dye – July 2, 2025

The Gordian knot of any detection strategy is knowing that two conflicting ideas are both true. On one hand, every SOC needs as much accurate detection coverage as they can get to find and disrupt attacks. On the other, the attackers you REALLY care... Read more »

How EDR evasion is changing threat detection

By Ashish Malpani – June 26, 2025

Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) have become integral to modern SecOps architecture and threat detection capabilities. However, the urgency of the situation is clear—attackers are deploying... Read more »