Get Started

          Product

          World’s first 100G Zeek sensor

          As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was reminded of when I’d first read the “100G Intrusion Detection” paper written in 2015 at Berkeley Lab. The paper... Read more »

          C2 detections, RDP insights and NDR at 100G

          Today I am excited to announce Corelight’s v21 release, which delivers dozens of powerful C2 detections, extends analyst visibility around RDP connections, and helps organizations scale network detection and response workloads in high throughput... Read more »

          Introducing the C2 Collection and RDP inferences

          We’re excited to announce that the Command and Control (C2) Collection is now available with today’s launch of version 21 of the Corelight software. One of the most important ways that defenders can quickly identify and contain a security incident... Read more »

          Extending NDR visibility in AWS IaaS

          Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is configured (and stays configured) on every service, to... Read more »

          Exchange exploitation and architecting for visibility

          The new Microsoft Exchange vulnerabilities disclosed earlier this month highlight the importance of  architecting for security visibility on the network.  Read more »

          Translating query into action

          One of the most important aspects of threat hunting is having a place to start. A question, a theory, or a hunch often begins the hunt. Where you end up may not be where you first intended, but a good hunt will always reveal new information about... Read more »

          Small, fast and easy. Pick any three.

          Small, fast and easy. Pick any three.

          Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »

          Community ID support for Wireshark

          The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post. Read more »

          NDR for AWS Well-Architected

          Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

          Light in the darkness: New Corelight Encrypted Traffic Collection

          This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

          Search

            Recent Posts