Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Streamlining security investigations with real-time enrichment of Corelight Open NDR and SentinelOne Singularity

By Allen Marin – October 15, 2024

In today’s threat landscape, security teams face mounting challenges in maintaining a robust security posture. Legacy tools often fall short of defending against increasingly sophisticated adversaries, especially with the complexity of modern,... Read more »

Feed me!

By Vince Stoffer – September 25, 2024

Corelight has strengthened the Suricata integration within its Open NDR Platform, empowering customers with a custom ruleset, the Corelight Feed, designed to swiftly detect and help respond to emerging threats. With a new monthly update cycle,... Read more »

Want better network visibility? Don't just go with the (net)flow

By Mark Overholser – September 23, 2024

In the Black Hat Network Operations Center (NOC), the conference’s leadership team must assemble best-in-class technologies that complement each other to build and harden an enterprise-grade network in just a few days. Then, the NOC must... Read more »

Stronger Security with Corelight and Mandiant Managed Defense

By Allen Marin – September 18, 2024

At Corelight, we’re thrilled when a respected cybersecurity leader like Mandiant introduces a new offering based on our solution. This week, Mandiant Managed Defense unveiled support for Corelight Open NDR, a move that strengthens our existing... Read more »

Corelight Open NDR Achieves VMware Ready for Telco Cloud Infrastructure Certification

By Lisa Karas – September 17, 2024

Accelerate Your Hybrid Cloud Security with Corelight Open NDR, now in the VMware Marketplace Read more »

Carrefour Enhances Cybersecurity With Corelight

By Youssef Agharmine – September 11, 2024

In the fast-paced world of retail, implementing robust cybersecurity measures is not just a necessity but a critical element of operational success. Carrefour, one of the world’s largest retail groups, faced the daunting challenge of securing its... Read more »

Detecting Abuse of NetSupport Manager

By Corelight Labs Team – September 11, 2024

Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

Unparalleled Visibility and Threat Detection for SSE Environments

By Ed Smith – September 10, 2024

As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security... Read more »

A few notes from a CISA anger translator

By Brian Dye – August 8, 2024

My weekly dose of Risky.biz led me to CISA’s advisory on SILENTSHIELD, which described their months-long red team exercise and resulting remediation at a federal agency. My browser backlog happened to have their APT40 advisory from just a few days... Read more »

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

By Todd Morneau – August 6, 2024

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with... Read more »