Get Started

          Dns

          Corelight Sensors detect the ChaChi RAT

          Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as its preferred command and control (C2) mechanism. We downloaded two PCAPs from the malware... Read more »

          Extending NDR visibility in AWS IaaS

          Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is configured (and stays configured) on every service, to... Read more »

          Maximize your Splunk ES investment with Corelight

          Maximize your Splunk ES investment with Corelight

          Are you looking to threat hunt but lack sufficient network and IDS data? Have you tried to accelerate your incident response process with better data, but run into dead ends that require data scientists or significant data model modification? Maybe... Read more »

          Getting the most out of your NIDS

          Network Intrusion Detection Systems (NIDS) are widely deployed by the most sophisticated blue teams in the world. For well-funded organizations, there is little question about the value of NIDS, but adoption is not uniform across the entire... Read more »

          Finding SUNBURST backdoor with Zeek logs & Corelight

          UPDATE 12-16-20: Corelight Resources Read more »

          Beating alert fatigue with integrated data

          More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority of SOCs still unable to process all the alerts... Read more »

          Meet the Corelight CTF tournament winners

          This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds,  we invited the top performers back for a champions round and... Read more »

          Mixed VLAN tags and BPF syntax

          This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Read more »

          DNS over TLS and DNS over HTTPS

          In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH).  Read more »

          The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

          With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a reminder it’s a collection of security insights around SSL/TLS and SSH... Read more »

          Search

            Recent Posts