Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Cooking up a year of faster, smarter, and tastier security

By Vijit Nair – December 19, 2024

If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a... Read more »

Corelight delivers static file analysis with YARA integration

By Christopher Sather – December 11, 2024

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA... Read more »

How YARA rules can complement NDR for malware detection

By Cynthia Gonzalez – December 10, 2024

The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques... Read more »

Want better network visibility? Don't just go with the (net)flow

By Mark Overholser – September 23, 2024

In the Black Hat Network Operations Center (NOC), the conference’s leadership team must assemble best-in-class technologies that complement each other to build and harden an enterprise-grade network in just a few days. Then, the NOC must... Read more »

Stronger Security with Corelight and Mandiant Managed Defense

By Allen Marin – September 18, 2024

At Corelight, we’re thrilled when a respected cybersecurity leader like Mandiant introduces a new offering based on our solution. This week, Mandiant Managed Defense unveiled support for Corelight Open NDR, a move that strengthens our existing... Read more »

Corelight Open NDR Achieves VMware Ready for Telco Cloud Infrastructure Certification

By Lisa Karas – September 17, 2024

Accelerate Your Hybrid Cloud Security with Corelight Open NDR, now in the VMware Marketplace Read more »

Detecting Abuse of NetSupport Manager

By Corelight Labs Team – September 11, 2024

Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

Enhancing Incident Response with 1-Click Entity Isolation

By Sahidya Devadoss – May 29, 2024

We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging... Read more »

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

By Ed Smith – March 1, 2024

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements... Read more »

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

By Allen Marin – February 26, 2024

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common... Read more »