Get Started

          Soc

          How do you know?

          Can you be sure attackers aren’t hiding in your encrypted traffic? Can your investigators go back 18 months ago to find what they need? Do your DNS queries all have responses, and are they what you expected? Do your alerts mean something, or nothing? Read more »

          CrowdStrike + Corelight partner to reach new heights

          Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alerts and network evidence. In addition, by... Read more »

          Translating query into action

          One of the most important aspects of threat hunting is having a place to start. A question, a theory, or a hunch often begins the hunt. Where you end up may not be where you first intended, but a good hunt will always reveal new information about... Read more »

          Getting the most out of your NIDS

          Network Intrusion Detection Systems (NIDS) are widely deployed by the most sophisticated blue teams in the world. For well-funded organizations, there is little question about the value of NIDS, but adoption is not uniform across the entire... Read more »

          Introducing the Cloud Sensor for GCP

          Introducing the Cloud Sensor for GCP

          Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility in an IaaS (infrastructure as a service) environment is elusive – you need to make sure that... Read more »

          Together is faster: Zeek for vulnerabilities

          “There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  Read more »

          Corelight Splunk App update: New dashboard and data

          In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA). Both software packages are available on Splunkbase. The... Read more »

          Zeek & Sigma: Fully compatible for cross-SIEM detections

          Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

          New Corelight app for Splunk: Making network-based threat hunting easier

          Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

          The Elephant in the SIEM War Room

          Last week’s RSA announcements included a pair of new entrants in to the SIEM space, Google Chronicle’s Backstory and Microsoft’s Azure Sentinel. While the entry of larger players in to the SIEM space is an eyebrow-raiser on its own, in conjunction... Read more »

          Search

            Recent Posts