
Corelight

Another cool thing about Bro: SMB analysis!

If you’re reading this blog, you probably know that Bro can uncover indicators of compromise and discover adversary lateral movement by monitoring east-west traffic within the enterprise. But you may not know about one of the best sources of data... Read more »

How we decide what Bro capabilities to include in our Sensor

We started Corelight to bring the power of Bro network monitoring to an audience that is interested in security, stability, and long-term sustainability. Even though we created and built Bro over the last 20 years, when we developed our commercial... Read more »

Announcing The New Corelight for Splunk App

We’re proud to announce the Corelight for Splunk app is available! Using the new app (and its associated Technology Add-on (TA)), you can now monitor the health and performance of Corelight Sensors in Splunk and explore the rich data Bro provides... Read more »

Joining a New Company Selling 20 year-old Software

I’ve enjoyed meeting many companies and leaders in the Bay Area over the past few months. The best surprise I had in doing so was with Corelight (where I recently joined as their chief product officer). Despite many years in security, when they... Read more »

Runtime Options: the Bro Configuration Framework

If you are familiar with Bro scripts you have probably encountered redefs, which allow you to change a number of Bro settings. One commonly used redef is Site::local_nets, which lists the networks that Bro considers local. Read more »

That’s a Wrap! The Bay Area’s First Open-Source Bro Meetup

Last Tuesday Corelight hosted the Bay Area’s first meetup for the open-source Bro network security monitor and we saw a great turnout of Bro fanatics and first-timers alike at our San Francisco headquarters. Read more »

Extensibility as a Guiding Principle

If you’ve ever used Bro, you’ve likely noticed that it’s rather more flexible than other network monitoring solutions. This is not coincidence — it reflects a core principle that has underpinned the evolution of the Bro platform since its beginnings... Read more »

Finding Very Damaging Needles in Very Large Haystacks

Some of the most costly security compromises that enterprises suffer manifest as tiny trickles of behavior hidden within an ocean of other site activity. Finding such incidents, and unraveling their full scope once detected, requires far-ranging... Read more »

Another cool thing about Bro: tracking files!

You probably know that Bro generates real-time data about network flows, highly valued by threat hunters & incident responders around the world. But Bro can do a lot more, and in this blog series, we’ll highlight lesser-known features from time to... Read more »

Securing the Corelight Sensor

Have you ever considered how security tools can be a source of risk? They process untrusted data 24/7, have access to sensitive flows, and (like everything on the Internet) can be exploited if not patched regularly. Read more »