Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Watch over DNS traffic with Corelight and Splunk

By Roger Cheeks – March 31, 2020

Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

Using Corelight and Zeek to support remote workers

By Richard Bejtlich – March 24, 2020

Due to the tragic Covid-19 pandemic, as we are all experiencing first hand, most governments and health officials are either mandating or encouraging those who can work from home to do so, as part of widespread “social distancing” measures. Remote... Read more »

The high ground

By Charles Strauss – February 23, 2020

Introducing Corelight’s new story + the value of NTA Read more »

12 talks to see at RSA 2020

By Richard Bejtlich – February 9, 2020

RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

Corelight ECS mapping: Unified Zeek data for more efficient analytics

By Ed Smith – January 27, 2020

In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

By Richard Bejtlich – January 16, 2020

On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

Light in the darkness: New Corelight Encrypted Traffic Collection

By Vince Stoffer – November 19, 2019

This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

New Corelight app for Splunk: Making network-based threat hunting easier

By Ed Smith – November 18, 2019

Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

A network engineer in a Zeek Week world

By Sarah Banks – November 4, 2019

With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

No tap? No problem!

By Richard Bejtlich – October 21, 2019

Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »