Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Lessons Learned Deploying Corelight in the Black Hat Asia NOC

By Dustin Lee – June 12, 2023

Last month, Corelight had the distinct privilege of joining Cisco, NetWitness, Palo Alto Networks, Arista, and our internet service provider, MyRepublic, to provide availability and network security overwatch to the Black Hat Asia network in... Read more »

NDR for AWS Well-Architected

By Roger Cheeks – August 5, 2020

Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

Bring Network Security Monitoring to the cloud with Corelight and Amazon VPC Traffic Mirroring

By John Gamble – June 24, 2019

Corelight Sensors transform network traffic into comprehensive logs, extracted files, and custom insights via Zeek, a powerful, open-source network security monitoring framework used by thousands of organizations worldwide to accelerate incident... Read more »

Hello, my name is??

By Vince Stoffer – June 10, 2019

Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

Corelight + Chronicle Backstory: Technology integration brings all the right data at the right time for customers

By Allen Male – March 25, 2019

At the recent RSA Conference, Chronicle launched Backstory, a new security analytics platform, and we are pleased to share that Corelight is part of the Chronicle Index Partner program. Read more »

Corelight: #winning in Network Security

By Alan Saldich – March 4, 2019

2018 was undoubtedly a banner year for Corelight. We closed out 2018 with many successes under our belt that reflect the hard work of our people: We more than quadrupled our sales year-over-year and more than doubled our customer base and employee... Read more »

Log enrichment with DNS host names

By Christian Kreibich – October 24, 2018

One of the first tasks for any incident responder when looking at network logs is to figure out the host names that were associated with an IP address in prior network activity. With Corelight’s 1.15 release we help automate the process and I would... Read more »

Network security monitoring vs supply chain backdoors

By Richard Bejtlich – October 3, 2018

On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by... Read more »

How Bro logs gave one company better DNS traffic visibility than their DNS servers

By Howard Samuels – June 10, 2018

Bro provides enriched network visibility for top organizations around the world, and there are many use cases for Bro logs. The security field uses Bro data for incident response and cyber threat hunting. But Bro log use cases don’t always have to... Read more »

How we decide what Bro capabilities to include in our Sensor

By Seth Hall – April 4, 2018

We started Corelight to bring the power of Bro network monitoring to an audience that is interested in security, stability, and long-term sustainability. Even though we created and built Bro over the last 20 years, when we developed our commercial... Read more »