Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Simplify SOC analyst experience with the enhanced Corelight Splunk App

By Claudio Cruz – May 29, 2024

Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security... Read more »

Enhancing Incident Response with 1-Click Entity Isolation

By Sahidya Devadoss – May 29, 2024

We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging... Read more »

Takeaways from RSA 2024

By Ashish Malpani – May 15, 2024

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference. Read more »

Fuel for Security AI

By Brian Dye – April 30, 2024

The big idea behind Corelight has always been simple: ground truth is priceless. What really happened, both now and looking back in time. Whether it is used to detect attacks, investigate routine alerts, respond to new vulnerabilities or a full... Read more »

Dual Defenses: 10 Reasons Why NDR Is Essential Alongside EDR

By Ed Smith – January 10, 2024

Over the last few years, the evolution of cybersecurity strategies has seen a significant shift toward a more layered, nuanced, and, in many cases, advanced approach. Among these advancements, Network Detection and Response (NDR) has emerged as a... Read more »

The Art of Team Building: Blueprints from the Black Hat NOC

By Dustin Lee – October 31, 2023

It has been a distinct honor to be a part of the Corelight team that helped defend this year’s Black Hat events. I started the event season in the Network Operations Center (NOC) at Black Hat Asia, and then capped it off at Black Hat in Las Vegas.... Read more »

Writing a Zeek package in TypeScript with ZeekJS

By Simeon Miteff – October 26, 2023

Zeek® is the world’s most widely used network security monitoring platform and is the foundation for Corelight network evidence. In this blog I share how to write a Zeek package in TypeScript with a new capability called ZeekJS that was released as... Read more »

Turning the tables on the infiltrator

By Ben Reardon – October 16, 2023

This article was originally featured in TechBeacon. Read more »

Celebrating CrowdStrike’s New Network Detection Service “Powered by Corelight”

By Allen Marin – June 1, 2023

Several months ago, we announced that our strategic alliance partner CrowdStrike decided to use our Open NDR technology across its professional services portfolio. This wasn’t just a meaningful validation for us—it was also a testament to the... Read more »

Key takeaways from RSA 2023: #BetterTogether and AI in security

By Ed Smith – May 8, 2023

Whether or not you made it to RSA 2023, here are two key themes we saw throughout this year’s conference. Read more »