Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Detecting CVE-2022-26937 with Zeek

By Corelight Labs Team – May 26, 2022

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server... Read more »

Corelight Investigator accelerates threat hunting

By Nick Hunter – May 25, 2022

This morning we announced Corelight Investigator, an open NDR platform that enables security teams with the next-level evidence they need to disrupt attacks and accelerate threat hunting through an easy-to-use, quick-to-deploy SaaS solution. Read more »

What makes evidence uniquely valuable?

By Gregory Bell – May 18, 2022

Editor's note: This is the third in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. American novelist F. Scott Fitzgerald famously wrote that “the test of a first-rate intelligence is... Read more »

Network evidence for defensible disclosure

By Richard Bejtlich – May 5, 2022

Editor's note: This is the second in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

Sidecars for network monitoring

By Al Smith – April 21, 2022

Editor’s note: This is the second in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Explore Corelight evidence in Humio Community Edition

By Ed Smith – April 19, 2022

Now available: A free and easy way to learn about Humio and Corelight. Read more »

Deeper visibility into Kubernetes environments with network monitoring

By Vijit Nair – April 12, 2022

Editor’s note: This is the first in a series of posts we have planned over the next several weeks. We will explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Application Layer Infrastructure Visibility in IaaS

By Ricky Lin – February 10, 2022

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group... Read more »

Security strategy for the next Log4Shell

By Brian Dye – December 22, 2021

Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”. The defenders were focused on having the right telemetry to investigate both... Read more »

Corelight & Microsoft Defender for IoT: Through an XDR lens

By Brian Dye – November 16, 2021

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but also looking to the gaps that EDR can’t address such... Read more »