Find DGA, DNS, and ICMP tunneling
Is an attacker remotely controlling assets on your network? Corelight’s C2 Collection helps answer that question with over 50 unique insights and detections that illuminate command-and-control activity. Battle-tested by some of the world’s most sophisticated organizations, the collection covers known C2 toolkits and MITRE ATT&CK® Command and Control techniques, and its behavioral detections are built to surface novel C2 traffic as well as known tools. Read about how to detect the Manjusaka C2 framework.
Corelight Collections are detection sets included with your Corelight subscription and can be activated depending on your needs.
- Catch attacker tunnels camouflaged as normal traffic
- Find Cobalt Strike, Empire, Metasploit, and other common tools
- 50+ unique C2 detections and insights that enhance MITRE ATT&CK coverage
Detections
- HTTP C2
- DNS tunneling
- ICMP tunneling
- Domain generation algorithms (DGAs)
- Meterpreter
- And more...
How it works
The C2 Collection offers over 50 insights and detections covering C2 communications, including HTTP C2, DNS and ICMP tunneling, and domain generation algorithms. It employs Zeek® to analyze behavioral characteristics of network traffic rather than matching only on static indicators, and integrates the results into Corelight’s comprehensive suite of evidence and analytics.
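To make "behavioral characteristics of network traffic" concrete, here is an added illustration of the kind of analysis such a detection performs, written as a small Python script over a constructed Zeek dns.log excerpt. It is not Corelight's or Zeek's own detection code: the log lines are made up, the thresholds are assumptions chosen for the sample, and the registered-domain helper simply takes the last two labels (a real implementation would use the public suffix list). It scores DGA-like names by length, character entropy and vowel ratio on NXDOMAIN responses, and spots DNS tunneling by counting distinct long subdomain prefixes that one host sends under a single parent domain.

```python
"""Toy behavioral DNS analysis over Zeek dns.log lines.

Added example, not Corelight/Zeek code. Sample data and thresholds are
assumptions made for the illustration.
"""
import math
from collections import Counter, defaultdict

# Constructed Zeek dns.log excerpt (TSV with a #fields header, trimmed to the
# columns used below). All hosts, names and timestamps are made up.
SAMPLE_DNS_LOG = """\
#fields\tts\tid.orig_h\tquery\tqtype_name\trcode_name
1700000001.1\t10.0.0.5\twww.example.com\tA\tNOERROR
1700000002.2\t10.0.0.5\tmail.example.com\tA\tNOERROR
1700000003.3\t10.0.0.5\tgogle.com\tA\tNXDOMAIN
1700000004.4\t10.0.0.7\txkqzvjpwmt.com\tA\tNXDOMAIN
1700000005.5\t10.0.0.7\tbfrtlnwqhd.net\tA\tNXDOMAIN
1700000006.6\t10.0.0.7\tzmpqwvrtlk.org\tA\tNXDOMAIN
1700000007.7\t10.0.0.7\tqwkjzxvbnp.info\tA\tNXDOMAIN
1700000008.8\t10.0.0.7\ttlrpmzvkqs.com\tA\tNXDOMAIN
1700000009.9\t10.0.0.9\tmfrgg43fmvqwc5lvnfsgk3djn5xgk3tu.0001.c2d.tunnel-example.net\tTXT\tNOERROR
1700000010.0\t10.0.0.9\tonswg4tfor2gc3tefqsgm2lsmvqxe3dm.0002.c2d.tunnel-example.net\tTXT\tNOERROR
1700000011.1\t10.0.0.9\tnbswy3dpeb3w64tmmqqhg2lsnfxgszlz.0003.c2d.tunnel-example.net\tTXT\tNOERROR
1700000012.2\t10.0.0.9\tkrugkidrovuwg2zamjzg653oebtg66ba.0004.c2d.tunnel-example.net\tTXT\tNOERROR
1700000013.3\t10.0.0.9\tmrqxa3ddoj2wsylpnzpw2zlttmqdaaaa.0005.c2d.tunnel-example.net\tTXT\tNOERROR
"""


def parse_dns_log(text):
    """Parse Zeek TSV output using its #fields header; returns a list of dicts."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or uniform string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(query):
    """ASSUMPTION: the registered domain is the last two labels (no PSL handling)."""
    return ".".join(query.lower().rstrip(".").split(".")[-2:])


def is_dga_like(label):
    """Heuristic: long, high-entropy, vowel-poor label. Thresholds are assumed."""
    vowel_ratio = sum(ch in "aeiou" for ch in label) / max(len(label), 1)
    return len(label) >= 8 and shannon_entropy(label) >= 3.0 and vowel_ratio <= 0.2


def find_dga_candidates(rows, min_hits=5):
    """Hosts whose NXDOMAIN responses include >= min_hits DGA-like registered domains."""
    hits = defaultdict(list)
    for r in rows:
        if r["rcode_name"] != "NXDOMAIN":
            continue
        dom = registered_domain(r["query"])
        if is_dga_like(dom.split(".")[0]):
            hits[r["id.orig_h"]].append(dom)
    return {h: d for h, d in hits.items() if len(d) >= min_hits}


def find_tunnel_candidates(rows, min_unique=5, min_mean_len=30):
    """(host, parent domain) pairs carrying many distinct, long subdomain prefixes."""
    prefixes = defaultdict(set)
    for r in rows:
        dom = registered_domain(r["query"])
        prefix = r["query"][: -len(dom) - 1] if r["query"].endswith("." + dom) else ""
        if prefix:
            prefixes[(r["id.orig_h"], dom)].add(prefix)
    out = {}
    for key, ps in prefixes.items():
        mean_len = sum(map(len, ps)) / len(ps)
        if len(ps) >= min_unique and mean_len >= min_mean_len:
            out[key] = (len(ps), mean_len)
    return out


if __name__ == "__main__":
    rows = parse_dns_log(SAMPLE_DNS_LOG)
    for host, doms in find_dga_candidates(rows).items():
        print(f"DGA-like NXDOMAIN burst from {host}: {', '.join(doms)}")
    for (host, dom), (n, mean_len) in find_tunnel_candidates(rows).items():
        print(f"possible DNS tunnel {host} -> {dom}: {n} unique prefixes, mean length {mean_len:.1f}")
```

On the sample, 10.0.0.7 is flagged for five DGA-like NXDOMAIN lookups and 10.0.0.9 for five distinct 41-character prefixes under tunnel-example.net, while 10.0.0.5's ordinary lookups and its single typo are ignored. In production these heuristics need a time window, an allowlist for CDN and antivirus domains that legitimately generate long or random-looking names, and per-host baselines; name entropy alone is a weak signal and should be corroborated with volume, record type and response behavior.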