
Network Security Monitoring

CrowdStrike + Corelight partner to reach new heights

Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike's best-in-class threat intelligence into Corelight Sensors to generate actionable alerts and network evidence. In addition, by...

Extending NDR visibility in AWS IaaS

Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is configured (and stays configured) on every service, to...

Maximize your Splunk ES investment with Corelight

Are you looking to threat hunt but lack sufficient network and IDS data? Have you tried to accelerate your incident response process with better data, but run into dead ends that require data scientists or significant data model modification? Maybe...

Getting the most out of your NIDS

Network Intrusion Detection Systems (NIDS) are widely deployed by the most sophisticated blue teams in the world. For well-funded organizations, there is little question about the value of NIDS, but adoption is not uniform across the entire...

Who's your fridge talking to at night?

I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I'd like to share how it came to be.

Community ID support for Wireshark

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I'd like to summarize them in this blog post.

Give me my stats!

I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a continually running environment with real, and often unpredictable, network data. If you add to that other packages...

Mixed VLAN tags and BPF syntax

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.

Network Security Monitoring data: Types I, II, and III

Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and analyzed by computer incident response teams (CIRTs) that...

DNS over TLS and DNS over HTTPS

In this post, we'll explore DNS over TLS (DoT) and DNS over HTTPS (DoH).
