Corelight Bright Ideas Blog

Featured

How to React(.js) to React2Shell and detecting behaviors to catch the Next(.js) big RCE

Ground your defense against React2Shell in verifiable network evidence. Deploy high-fidelity Suricata detections to spot unauthenticated remote code...

David Burkett Dec 6, 2025

Adventures in monitoring a hostile network: Black Hat Europe 2024

Working in the NOC at Black Hat Europe, we’re never quite sure what we’re going to see.

Mark Overholser Jan 28, 2025

Zeek

VPNs are increasingly common - how much can you see?

Corelight just shipped our latest software release (v24) which includes a brand new addition to our Encrypted Traffic Collection: VPN Insights.

Vince Stoffer Mar 24, 2022

Tagged With: APT, BIRT, BlackHat, Business Inciden

Corelight & Microsoft Defender for IoT: Through an XDR lens

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that?

Brian Dye Nov 16, 2021

Zeek

Ripple20 Zeek package open sourced

Today we are open sourcing a Zeek package that passively detects the presence of some of the tell-tale signs that Treck devices can exhibit.

Ben Reardon Jun 30, 2020

Network Security Monitoring

Enabling SOHO Network Security Monitoring

Here's how to instrument and enable network security monitoring for a small office – home office (SOHO) environment.

Richard Bejtlich Apr 8, 2020

Corelight announces cloud enrichment for AWS, GCP, and Azure

The Corelight Partner Program

10 considerations for implementing an XDR strategy

Don't trust. Verify with evidence

Network Detection & Response