Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Mixed VLAN tags and BPF syntax

By Richard Bejtlich – August 26, 2020

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Read more »

DNS over TLS and DNS over HTTPS

By Jamie Brim – June 17, 2020

In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). Read more »

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

By Vince Stoffer – June 15, 2020

With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a reminder it’s a collection of security insights around SSL/TLS and SSH... Read more »

Watch over DNS traffic with Corelight and Splunk

By Roger Cheeks – March 31, 2020

Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

Using Corelight to monitor and identify exploited VPNs

By Richard Bejtlich – October 1, 2019

Network and security infrastructure, such as routers, switches, firewalls, virtual private network concentrators, and other equipment, are designed to provide a stable and secure communications experience for client and server computers and their... Read more »

Profiling Whonix

By Richard Bejtlich – July 17, 2019

Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize... Read more »

Astronomers and Chemists

By Brian Dye – February 27, 2019

Scale is a great word, because its meaning is truly in the eye of the beholder. To an astronomer, it might mean millions of light years. To a chemist, nanometers. In the network security monitoring (NSM) world, Corelight is enabling scale in two... Read more »

Log enrichment with DNS host names

By Christian Kreibich – October 24, 2018

One of the first tasks for any incident responder when looking at network logs is to figure out the host names that were associated with an IP address in prior network activity. With Corelight’s 1.15 release we help automate the process and I would... Read more »

Databricks + Corelight – A powerful combination for cybersecurity, incident response and threat hunting

By Alan Saldich – July 16, 2018

Incident response, threat hunting and cybersecurity in general relies on great data. Just like the rest of the world where virtually everything these days is data-driven, from self-driving cars to personalized medicine, effective security strategies... Read more »

How Bro logs gave one company better DNS traffic visibility than their DNS servers

By Howard Samuels – June 10, 2018

Bro provides enriched network visibility for top organizations around the world, and there are many use cases for Bro logs. The security field uses Bro data for incident response and cyber threat hunting. But Bro log use cases don’t always have to... Read more »