Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Community ID support for Wireshark

By Christian Kreibich – October 6, 2020

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »

NDR for AWS Well-Architected

By Roger Cheeks – August 5, 2020

Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

Corelight Splunk App update: New dashboard and data

By Roger Cheeks – July 19, 2020

In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA). Both software packages are available on Splunkbase. The... Read more »

Zeek & Sigma: Fully compatible for cross-SIEM detections

By Alex Kirk – June 24, 2020

Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »