Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Introducing the Cloud Sensor for GCP

By Vijit Nair – November 23, 2020

Visibility is paramount in securing your cloud environment – as the adage goes, you cannot protect what you do not see. However, comprehensive visibility in an IaaS (infrastructure as a service) environment is elusive – you need to make sure that... Read more »

Who’s your fridge talking to at night?

By Gary Fisk – November 18, 2020

I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new from Corelight, and I’d like to share how it came to be. Read more »

Small, fast and easy. Pick any three.

By Seth Hall – November 17, 2020

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »

Beating alert fatigue with integrated data

By Alex Kirk – October 7, 2020

More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority of SOCs still unable to process all the alerts... Read more »

Detecting Zerologon (CVE-2020-1472) with Zeek

By Yacin Nadji – September 15, 2020

CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a privilege escalation vulnerability that allows an attacker to change the... Read more »

Meet the Corelight CTF tournament winners

By John Gamble – September 14, 2020

This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds, we invited the top performers back for a champions round and... Read more »

Corelight Splunk App update: New dashboard and data

By Roger Cheeks – July 19, 2020

In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA). Both software packages are available on Splunkbase. The... Read more »

Watch over DNS traffic with Corelight and Splunk

By Roger Cheeks – March 31, 2020

Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article highlights the benefits of Corelight DNS logs, and demonstrates how Splunk Enterprise... Read more »

New Corelight app for Splunk: Making network-based threat hunting easier

By Ed Smith – November 18, 2019

Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

The Elephant in the SIEM War Room

By Brian Dye – March 11, 2019

Last week’s RSA announcements included a pair of new entrants in to the SIEM space, Google Chronicle’s Backstory and Microsoft’s Azure Sentinel. While the entry of larger players in to the SIEM space is an eyebrow-raiser on its own, in conjunction... Read more »