Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

Zeek

Zeek & Sigma: Fully compatible for cross-SIEM detections

Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma.

Alex Kirk Jun 25, 2020

Zeek

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

We are excited to announce the expansion of our ETC. In this post, I will provide some further details and what the research team is working on next!

Vince Stoffer Jun 16, 2020

Zeek

Detecting OpenBSD CVE-2019-19521 SSH exploit attempts

Here's a simple prototype script which identifies CVE-2019-19521 within SSH connections.

Anthony Kasza Dec 6, 2019

Zeek

Investigating the effects of TLS 1.3 on Corelight logs, part 1

In this first of three parts, I will introduce TLS and demonstrate a clear-text HTTP session as interpreted by Corelight logs.

Richard Bejtlich May 29, 2019

< 1 2 >

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response

Corelight Bright Ideas Blog

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Zeek & Sigma: Fully compatible for cross-SIEM detections

The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

Detecting OpenBSD CVE-2019-19521 SSH exploit attempts

Investigating the effects of TLS 1.3 on Corelight logs, part 1

Have questions?

Sign up for our newsletter

We’re hiring!