Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Running DeepSeek AI privately using open-source software

By Keith J. Jones – February 28, 2025

Introduction Zeek® is a powerful open-source network analysis tool that allows users to monitor traffic and detect malicious activities. Users can write packages to detect cybersecurity events, like this GitHub repo that detects C2 from AgentTesla... Read more »

Corelight delivers data aggregation to reduce SIEM ingest by 50-80% compared to legacy network security monitoring tools

By Cynthia Gonzalez – February 18, 2025

According to Forrester Research, “How do we reduce our SIEM ingest costs?” is one of the top inquiries they receive from clients. Many security organizations rely on SIEMs for their detection, investigation, and response workflows, ingesting... Read more »

Understand and detect MITRE Caldera with Zeek®

By Keith J. Jones – February 14, 2025

What is MITRE Caldera? MITRE’s Caldera is a cybersecurity platform developed to simulate adversarial tactics, techniques, and procedures (TTPs). Built upon the MITRE ATT&CK framework, Caldera is an open-source tool designed to help cybersecurity... Read more »

Why NDR is essential to protecting your cloud workloads

By David Burkett – February 3, 2025

How Corelight Open NDR secures cloud workloads beyond runtime security tools. Read more »

Thrown in the deep end: My first time hunting in the Black Hat NOC

By Matt Ellison – January 28, 2025

If you have even a passing interest in cybersecurity, you no doubt have heard of Black Hat, the eponymously named conference that launched in 1997 in Las Vegas. Nearly 30 years later Black Hat is a global phenomenon that bears little resemblance to... Read more »

Corelight and Microsoft: A smarter way to fight alert fatigue

By Allen Marin – January 14, 2025

For SOC teams, the battle against cyber threats can feel like trying to solve a 3D jigsaw puzzle in a bouncy house with missing pieces and a timer blasting every few seconds. Despite the increase in security spending, most teams still struggle with... Read more »

Corelight delivers static file analysis with YARA integration

By Christopher Sather – December 11, 2024

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA... Read more »

How YARA rules can complement NDR for malware detection

By Cynthia Gonzalez – December 10, 2024

The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques... Read more »

It’s Typhoon Season: Attackers are deliberately evading EDR. What can you do about it?

By Vince Stoffer – December 6, 2024

Introduction Over the past year, several sophisticated cyber-espionage campaigns have grabbed the attention of our industry and challenged defenders and vendors alike with advanced tactics, techniques, and procedures (TTPs). One of the most visible... Read more »

Detecting Quasar Windows RAT

By Tillson Galloway – November 22, 2024

Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial... Read more »