Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Corelight Open NDR Achieves VMware Ready for Telco Cloud Infrastructure Certification

By Lisa Karas – September 17, 2024

Accelerate Your Hybrid Cloud Security with Corelight Open NDR, now in the VMware Marketplace Read more »

Carrefour Enhances Cybersecurity With Corelight

By Youssef Agharmine – September 11, 2024

In the fast-paced world of retail, implementing robust cybersecurity measures is not just a necessity but a critical element of operational success. Carrefour, one of the world’s largest retail groups, faced the daunting challenge of securing its... Read more »

Detecting Abuse of NetSupport Manager

By Corelight Labs Team – September 11, 2024

Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

Unparalleled Visibility and Threat Detection for SSE Environments

By Ed Smith – September 10, 2024

As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security... Read more »

A few notes from a CISA anger translator

By Brian Dye – August 8, 2024

My weekly dose of Risky.biz led me to CISA’s advisory on SILENTSHIELD, which described their months-long red team exercise and resulting remediation at a federal agency. My browser backlog happened to have their APT40 advisory from just a few days... Read more »

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

By Todd Morneau – August 6, 2024

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with... Read more »

Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends

By Allen Marin – July 18, 2024

In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and... Read more »

Corelight recognized for SaaS and Cloud Identity Applications Security in the Gartner Competitive Landscape Report*

By Alyssa Ideboen – July 18, 2024

The cybersecurity landscape is evolving, and Network Detection and Response (NDR) solutions are becoming indispensable for consistent visibility across an increasing attack surface. In the Competitive Landscape for NDR research, Gartner® claims that... Read more »

Detecting The Agent Tesla Malware Family

By Keith J. Jones – July 2, 2024

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple... Read more »

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

By Allen Marin – June 26, 2024

Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Read more »