Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Corelight Open NDR Achieves VMware Ready for Telco Cloud Infrastructure Certification

By Lisa Karas – September 17, 2024

Accelerate Your Hybrid Cloud Security with Corelight Open NDR, now in the VMware Marketplace Read more »

Carrefour renforce sa cybersécurité avec Corelight

By Youssef Agharmine – September 11, 2024

Dans le secteur du commerce de détail, en constante évolution, la nécessité d'adopter des mesures de cybersécurité robustes est devenue un impératif stratégique. Carrefour, l'un des leaders mondiaux de la distribution, faisait face au défi de... Read more »

Carrefour Enhances Cybersecurity With Corelight

By Youssef Agharmine – September 11, 2024

In the fast-paced world of retail, implementing robust cybersecurity measures is not just a necessity but a critical element of operational success. Carrefour, one of the world’s largest retail groups, faced the daunting challenge of securing its... Read more »

Detecting Abuse of NetSupport Manager

By Tillson Galloway – September 11, 2024

Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

Unparalleled Visibility and Threat Detection for SSE Environments

By Ed Smith – September 10, 2024

As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security... Read more »

A few notes from a CISA anger translator

By Brian Dye – August 8, 2024

My weekly dose of Risky.biz led me to CISA’s advisory on SILENTSHIELD, which described their months-long red team exercise and resulting remediation at a federal agency. My browser backlog happened to have their APT40 advisory from just a few days... Read more »

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

By Todd Morneau – August 6, 2024

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with... Read more »

Enhancing Incident Response with 1-Click Entity Isolation

By Sahidya Devadoss – May 29, 2024

We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging... Read more »

Next-Generation SIEM: Corelight is the Data of Choice

By Todd Wingler – May 7, 2024

For years, the mantra for achieving visibility into potential threats has been the trio of EDR, NDR, and SIEM. These components form the foundation of a robust security posture, with EDR and NDR offering the depth and breadth needed to monitor... Read more »

Black Hat NOC: Findings from Europe & thoughts for Asia 2024

By Dustin Lee – April 5, 2024

How quickly a year passes. 2023 was Corelight’s first year participating in the Black Hat Network Operations Center (NOC). It was a tremendous opportunity and responsibility in which we collaborated with teams from Cisco, Palo Alto Networks, Arista,... Read more »