As we finished rolling out our v21 software release, I was reminded of when I’d first read the 2015 “100G Intrusion Detection” paper written at...
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections,...
We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software.
Can you be sure attackers aren’t hiding in your encrypted traffic? It’s a fundamental question in enterprise security. Why? Imagine these two shops.
This blog will introduce a method of detecting the Pingback malware in which attackers often hide their communications in ping message payloads.
In this post I am going to walk you through the process I used to develop a package called “my_stats” that pulls memory information from a running...
This blog post explains three levels of analysis and how encryption has affected NSM, demonstrating that NSM remains relevant, despite encryption.
Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma.