Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

By Allen Marin – February 26, 2024

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common... Read more »

What makes evidence uniquely valuable?

By Gregory Bell – May 18, 2022

Editor's note: This is the third in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. American novelist F. Scott Fitzgerald famously wrote that “the test of a first-rate intelligence is... Read more »

Corelight & Microsoft Defender for IoT: Through an XDR lens

By Brian Dye – November 16, 2021

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but also looking to the gaps that EDR can’t address such... Read more »

Expanded Suricata detections with Dtection.io

By Alex Kirk – November 4, 2021

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we... Read more »

Microsoft + Corelight partner to stop IoT attacks

By Ed Smith – November 2, 2021

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security... Read more »

Corelight accelerates OMB logging adoption

By Jean Schaffer – October 7, 2021

In case you missed the Office of Management and Budget (OMB) (memo M-21-31), Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents, let me provide you the information that you need to know... Read more »

Monitoring networks for Chinese State-Sponsored Cyber Operations

By Alex Kirk – August 18, 2021

The US federal government recently took an unprecedented step in the fight against cyber espionage, publishing detailed technical guidance on tactics and techniques used by Chinese state-sponsored actors. Read more »

C2 detections, RDP insights and NDR at 100G

By John Gamble – May 17, 2021

Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network detection and response workloads in high throughput... Read more »

Introducing the C2 Collection and RDP inferences

By Vince Stoffer – May 17, 2021

We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that defenders can quickly identify and contain a security incident... Read more »

CrowdStrike + Corelight partner to reach new heights

By Lana Knop – April 21, 2021

Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alerts and network evidence. In addition, by... Read more »