Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Adventures in monitoring a hostile network: Black Hat Europe 2024

By Mark Overholser – January 28, 2025

Working in the network operating center (NOC) at Black Hat Europe, we’re never quite sure what we’re going to see. The anxiousness I feel there is similar to what I’d experience when I was blue-teaming for a corporate network. I could prepare all I... Read more »

Thrown in the deep end: My first time hunting in the Black Hat NOC

By Matt Ellison – January 28, 2025

If you have even a passing interest in cybersecurity, you no doubt have heard of Black Hat, the eponymously named conference that launched in 1997 in Las Vegas. Nearly 30 years later Black Hat is a global phenomenon that bears little resemblance to... Read more »

Cooking up a year of faster, smarter, and tastier security

By Vijit Nair – December 19, 2024

If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a... Read more »

Corelight delivers static file analysis with YARA integration

By Christopher Sather – December 11, 2024

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA... Read more »

How YARA rules can complement NDR for malware detection

By Cynthia Gonzalez – December 10, 2024

The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques... Read more »

Corelight launches the Entity Collection

By Vince Stoffer – December 13, 2022

Corelight Labs, our amazing research team, has been hard at work on another content collection which we are excited to introduce: the Corelight Entity Collection. Read more »

The best cybersecurity defense is great evidence

By Jean Schaffer – July 19, 2022

Editor's note: This is the fifth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

What makes evidence uniquely valuable?

By Gregory Bell – May 18, 2022

Editor's note: This is the third in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. American novelist F. Scott Fitzgerald famously wrote that “the test of a first-rate intelligence is... Read more »

Another day, another DCE/RPC RCE

By Corelight Labs Team – May 17, 2022

CVE-2022-26809 was patched in Microsoft’s previous Patch Tuesday (April 12) and it’s a doozy: remote code execution on affected versions of DCE/RPC hosts. The vulnerability attracted a lot of attention in the security community, both because of its... Read more »

Smart PCAP and threat detection in the cloud

By John Gamble – August 3, 2021

I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR support for Suricata across... Read more »