Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

No tap? No problem!

By Richard Bejtlich – October 21, 2019

Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »

An attack or just a game? Corelight can help you tell the difference quickly

By Richard Bejtlich – September 11, 2019

When we think about using Corelight data, our mental models often fixate on finding evidence of suspicious and malicious activity. This makes sense, as network security monitoring data generated by Corelight and Zeek combines the granularity of... Read more »

First, Do No Harm

By Richard Bejtlich – March 13, 2019

When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does not actually appear in the Greek, and that the origins are more... Read more »

How Bro logs gave one company better DNS traffic visibility than their DNS servers

By Howard Samuels – June 10, 2018

Bro provides enriched network visibility for top organizations around the world, and there are many use cases for Bro logs. The security field uses Bro data for incident response and cyber threat hunting. But Bro log use cases don’t always have to... Read more »

Another cool thing about Bro: tracking files!

By Vince Stoffer – September 14, 2017

You probably know that Bro generates real-time data about network flows, highly valued by threat hunters & incident responders around the world. But Bro can do a lot more, and in this blog series, we’ll highlight lesser-known features from time to... Read more »