Read the Gartner® Competitive Landscape: Network Detection and Response Report

GET THE REPORT >

Read the Gartner® Competitive Landscape: Network Detection and Response Report

GET THE REPORT >
CONTACT US
CONTACT US

START HERE

Why Open NDR

 

WHY CORELIGHT

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

    SOLUTIONS

    Cloud security

    Encrypted traffic

    Federal

    Ransomware

    Threat hunting

     

    CORELIGHT LABS

    Recent research

    Mission and team

    Polaris program

      STRATEGIC PARTNERS

      Overview

      Crowdstrike

      Google Cloud

      Microsoft

      Splunk

      Elastic
        forrester wave report 2023

        Close your ransomware case with Open NDR

        SEE HOW

        OVERVIEW

        Open NDR Platform

        Analytics & detections

        MITRE ATT&CK®

         

        PRODUCTS

        Zeek®-based evidence

        IDS

        Smart PCAP

        Investigator

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Google Cloud

            Microsoft

            Splunk

            Elastic

            View all

             

            USE CASES

            Case Studies

            View all
              Download our free guide to find hidden attackers.

              Find hidden attackers with Open NDR

              SEE HOW

              TECHNOLOGY INTEGRATIONS

              Partner ecosystem

              Technology partners directory

               

                FOR PARTNERS

                Deal registration

                Become a Channel Partner

                Partner Academy sign up

                Alliance Academy sign up
                  cloud-network

                  Corelight announces cloud enrichment for AWS, GCP, and Azure

                  READ MORE

                  corelight partner programe guide

                  Corelight's partner program

                  VIEW PROGRAM

                  BLOG

                  Read the latest

                   

                  EVENTS

                  Meet with us

                   

                  RESOURCE CENTER

                  Document Library

                    GLOSSARY

                    NDR (Network Detection & Response)

                    NDR vs. XDR vs. EDR

                    Cloud Security Solutions

                    Intrusion Detection System (IDS)

                    Packet Capture (PCAP)

                    Signature-Based Detection

                    IDS False Positive
                        glossary-icon

                        10 Considerations for Implementing an XDR Strategy

                        READ NOW

                        ad-images-nav_0006_Blog

                        Don't trust. Verify with evidence

                        READ BLOG

                        ABOUT US

                        About Corelight

                        Leadership

                        Investors

                          JOIN US

                          Careers

                          Current openings

                            NEWS & EVENTS

                            Newsroom

                            Media coverage

                            Events
                              video

                              The Power of Open-Source Tools for Network Detection and Response

                              WATCH THE WEBCAST

                              ad-nav-ESG

                              The Evolving Role of NDR

                              DOWNLOAD THE REPORT

                              SUPPORT SERVICES

                              Open a ticket

                              Account login

                              Technical bulletins

                              Report a security vulnerability

                                WORLD-CLASS SUPPORT

                                Support overview
                                    ad-images-nav_0006_Blog

                                    Detecting 5 Current APTs without heavy lifting

                                    READ BLOG

                                    g2-medal-best-support-spring-2024

                                    Network Detection and Response

                                    SUPPORT OVERVIEW

                                     

                                    C2 COLLECTION

                                    Find command and control activity on your network.

                                    READ WHITE PAPER

                                     

                                    Corelight C2 Collection icon

                                    FIND DGA, DNS, AND ICMP TUNNELING 

                                    Is an attacker remotely controlling assets on your network? Corelight’s C2 Collection has the answers with over 50 unique insights and detections that illuminate command and control activity. Battle-tested by some of the world’s most sophisticated organizations, this collection covers known C2 toolkits and MITRE ATT&CK® C2 techniques to find novel attacks. Read about how to detect the Manjusaka C2 framework.

                                    Corelight Collections are detection sets included with your Corelight subscription and can be activated depending on your needs.

                                    • Catch attacker tunnels camouflaged as normal traffic
                                    • Find Cobalt Strike, Empire, Metasploit, and other common tools
                                    • 50+ unique C2 detections and insights that enhance MITRE ATT&CK coverage

                                    DOWNLOAD DATA SHEET GET A DEMO

                                    Detections

                                    HTTP C2
                                    Detect known families of malware that conduct C2 communications over HTTP, such as Empire, Metasploit, and Cobalt Strike.

                                    DNS tunneling
                                    Detect DNS tunneling behavior as well as the presence of specific tunneling tools such as Iodine.

                                    ICMP tunneling
                                    Detect ICMP tunneling behavior as well as the presence of specific tunneling tools such as ICMP Shell.

                                    Domain generation algorithms (DGAs)
                                    Detect C2 traffic based on DNS activity from malware using domain generation algorithms.

                                    Meterpreter
                                    Detect C2 activity from Metasploit’s Meterpreter shell across HTTP and generic TCP/UDP traffic.

                                    And more...
                                    Over 50 additional insights and detections.

                                    How it works

                                    The C2 Collection offers over 50 insights and detections into HTTP C2 communications including tunneling and domain generation algorithms. It employs Zeek® to analyze behavioral characteristics of network traffic, and integrates the results into Corelight’s comprehensive suite of evidence and analytics.

                                    how-works-c2

                                    ANALYTICS

                                    Corelight Collections

                                    Collections are targeted categories of detections, inferences, and data transformation that provide deeper visibility into adversary activity. They cover encrypted traffic, command and control activity, entity activity, ICS/OT visibility, and more. Detections are viewable through Corelight Investigator, or via a SIEM, XDR, or other analytics platform.

                                    corelight-technology-diagram-1

                                     

                                    C2 detections, RDP insights, and NDR at 100G

                                    Introducing the C2 Collection and RDP inferences

                                    C2 Collection video

                                    Have questions?

                                    Talk with one of our experts today.

                                    CONTACT US