Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

C2 detections, RDP insights and NDR at 100G

By John Gamble – May 17, 2021

Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network detection and response workloads in high throughput... Read more »

Introducing the C2 Collection and RDP inferences

By Vince Stoffer – May 17, 2021

We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that defenders can quickly identify and contain a security incident... Read more »

How do you know?

By Charles Strauss – May 17, 2021

Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months ago to find what they need? Do your DNS queries all have responses, and are they what you expected? Do your alerts mean something, or nothing? Read more »

Pingback: ICMP Tunneling Malware

By Corelight Labs Team – May 6, 2021

Recently, Trustwave reported on a new malware family which they discovered during a breach investigation. The backdoor, dubbed Pingback, executes on Windows systems and communicates with its controller via ICMP messages. ICMP (Internet Control... Read more »

CrowdStrike + Corelight partner to reach new heights

By Lana Knop – April 21, 2021

Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alerts and network evidence. In addition, by... Read more »

Extending NDR visibility in AWS IaaS

By Vijit Nair – April 7, 2021

Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is configured (and stays configured) on every service, to... Read more »

Maximize your Splunk ES investment with Corelight

By Roger Cheeks – March 16, 2021

Are you looking to threat hunt but lack sufficient network and IDS data? Have you tried to accelerate your incident response process with better data, but run into dead ends that require data scientists or significant data model modification? Maybe... Read more »

Getting the most out of your NIDS

By Jon Natkins – March 7, 2021

Network Intrusion Detection Systems (NIDS) are widely deployed by the most sophisticated blue teams in the world. For well-funded organizations, there is little question about the value of NIDS, but adoption is not uniform across the entire... Read more »

Who’s your fridge talking to at night?

By Gary Fisk – November 18, 2020

I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how it came to be. Read more »

Community ID support for Wireshark

By Christian Kreibich – October 6, 2020

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »