Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Edge exploits, EDR blind spots, 51-second breakouts

By Vijit Nair – April 30, 2025

For every advancement in defense, attackers supply the equal and opposite adaptation. In the last few years EDRs have become so effective that adversaries have radically shifted gears. That shift shows up unmistakably in three heavyweight... Read more »

Cloud your way: Expanding threat visibility to meet the unique needs of your business

By Allen Marin – April 29, 2025

Let’s face it: The cloud has become the go-to platform for modern infrastructure—and for good reason. Scalability, flexibility, and speed are hard to beat. But as organizations increasingly rely on the cloud to run their critical operations, the... Read more »

Your network evidence, your SIEM, your way: Corelight’s open SIEM strategy empowers SOCs with a unified experience

By Ricky Lin – April 25, 2025

Security operations centers (SOCs) are under constant pressure to keep their organizations secure, while battling alert fatigue, tool sprawl, and ever-rising demands for speed and precision. Analysts today face an overwhelming landscape where... Read more »

Adventures in monitoring a hostile network: Black Hat Europe 2024

By Mark Overholser – January 28, 2025

Working in the network operating center (NOC) at Black Hat Europe, we’re never quite sure what we’re going to see. The anxiousness I feel there is similar to what I’d experience when I was blue-teaming for a corporate network. I could prepare all I... Read more »

Thrown in the deep end: My first time hunting in the Black Hat NOC

By Matt Ellison – January 28, 2025

If you have even a passing interest in cybersecurity, you no doubt have heard of Black Hat, the eponymously named conference that launched in 1997 in Las Vegas. Nearly 30 years later Black Hat is a global phenomenon that bears little resemblance to... Read more »

Cooking up a year of faster, smarter, and tastier security

By Vijit Nair – December 19, 2024

If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a... Read more »

Corelight delivers static file analysis with YARA integration

By Christopher Sather – December 11, 2024

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA... Read more »

How YARA rules can complement NDR for malware detection

By Cynthia Gonzalez – December 10, 2024

The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques... Read more »

Corelight launches the Entity Collection

By Vince Stoffer – December 13, 2022

Corelight Labs, our amazing research team, has been hard at work on another content collection which we are excited to introduce: the Corelight Entity Collection. Read more »

The best cybersecurity defense is great evidence

By Jean Schaffer – July 19, 2022

Editor's note: This is the fifth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »