CONTACT US
forrester wave report 2023

Forrester rates Corelight a strong performer

GET THE REPORT

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-ndr-winter-2024

Network Detection and Response

SUPPORT OVERVIEW

 

Siem

Beating alert fatigue with integrated data

More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority of SOCs still unable to process all the alerts... Read more »

NDR for AWS Well-Architected

Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

Zeek & Sigma: Fully compatible for cross-SIEM detections

Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

Chocolate and peanut butter, Zeek and Suricata

Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

Watch over DNS traffic with Corelight and Splunk

Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

Countering network resident threats

Vendors often claim that their products or services counter, mitigate, or otherwise affect “nation state threats.” When I worked as a director of incident response at one company, and as a chief security officer at another, claims like these made no... Read more »

New Corelight app for Splunk: Making network-based threat hunting easier

Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

Don’t delay – Corelight today!

Introduction Recently I heard that a company interested in Corelight was considering delaying their evaluation because of questions about SIEM technology. They currently have two SIEMs and are evaluating a third, possibly to replace the first two.... Read more »

Hello, my name is??

Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

The Elephant in the SIEM War Room

Last week’s RSA announcements included a pair of new entrants in to the SIEM space, Google Chronicle’s Backstory and Microsoft’s Azure Sentinel. While the entry of larger players in to the SIEM space is an eyebrow-raiser on its own, in conjunction... Read more »