CONTACT US
CONTACT US

START HERE

Why Open NDR

 

WHY CORELIGHT

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

    SOLUTIONS

    Cloud security

    Encrypted traffic

    Federal

    Ransomware

    Threat hunting

     

    CORELIGHT LABS

    Recent research

    Mission and team

    Polaris program

      STRATEGIC PARTNERS

      Overview

      Crowdstrike

      Google Cloud

      Microsoft

      Splunk

      Elastic
        forrester wave report 2023

        Close your ransomware case with Open NDR

        SEE HOW

        OVERVIEW

        Open NDR Platform

        Analytics & detections

        MITRE ATT&CK®

         

        PRODUCTS

        Zeek®-based evidence

        IDS

        Smart PCAP

        Investigator

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Google Cloud

            Microsoft

            Splunk

            Elastic

            View all

             

            USE CASES

            Case Studies

            View all
              ad-nav-crowdstrike

              Corelight now powers CrowdStrike solutions and services

              READ MORE

              ad-images-nav_0013_IDS

              Alerts, meet evidence.

              LEARN MORE ABOUT OUR IDS SOLUTION

              ad-images-nav_white-paper

              5 Ways Corelight Data Helps Investigators Win

              READ WHITE PAPER

              BLOG

              Read the latest

               

              EVENTS

              Meet with us

               

              RESOURCE CENTER

              Document Library

                GLOSSARY

                IDS False Positive

                NDR vs. XDR vs. EDR

                Digital Forensics & Incident Response (DFIR)

                Intrusion Detection System (IDS)

                NDR (Network Detection & Response)

                Packet Capture (PCAP)

                Signature-Based Detection
                    glossary-icon

                    10 Considerations for Implementing an XDR Strategy

                    READ NOW

                    ad-images-nav_0006_Blog

                    Don't trust. Verify with evidence

                    READ BLOG

                    ABOUT US

                    About Corelight

                    Careers

                    Leadership

                    Investors

                    Newsroom

                    Apex Awards

                      CHANNEL PARTNERS

                      Partner Program

                      Deal registration

                      Partner Academy

                      Become a Partner
                          ad-nav-NDR-for-dummies

                          NDR for Dummies

                          GET THE WHITE PAPER

                          video

                          The Power of Open-Source Tools for Network Detection and Response

                          WATCH THE WEBCAST

                          ad-nav-ESG

                          The Evolving Role of NDR

                          DOWNLOAD THE REPORT

                          SUPPORT SERVICES

                          Open a ticket

                          Account login

                          Technical bulletins

                          Report a security vulnerability

                            WORLD-CLASS SUPPORT

                            Support overview
                                ad-images-nav_0006_Blog

                                Detecting 5 Current APTs without heavy lifting

                                READ BLOG

                                g2-medal-best-support-ndr-winter-2024

                                Network Detection and Response

                                SUPPORT OVERVIEW

                                 

                                MITRE ATT&CK®

                                Corelight’s coverage includes comprehensive approaches to uncover over 80 techniques, with exceptional visibility into adversary methods used for Defense Evasion, Credential Access, Discovery, and Command and Control.

                                DOWNLOAD COVERAGE CHART

                                MITRE-hero-img

                                 

                                Visit our interactive MITRE ATT&CK navigator.

                                Corelight excels at spotting C2, Discovery, and more:

                                 
                                INITIAL ACCESS
                                Drive-by Compromise Exploit Public-Facing Application External Remote Services Phishing Valid Accounts
                                DEFENSE EVASION
                                Exploitation for Defense Evasion Hijack Execution Flow Indicator Removal on Host Masquerading Modify Authentication Process Modify Registry Process Injection Rogue Domain Controller Subvert Trust Controls Valid Accounts
                                CREDENTIAL ACCESS
                                Brute Force Credentials from Password Stores Forced Authentication Man-in-the-Middle Modify Authentication Processes OS Credential Dumping Steal or Forge Kerberos Tickets
                                DISCOVERY
                                Account Discovery Domain Trust Discovery File and Directory Discovery Network Service Scanning Network Share Discovery Password Policy Discovery Permission Groups Discovery Remote System Discovery System Information Discovery System Location Discovery System Location Discovery System Network Configuration Discovery System Network Connections DiscoverySystem Time Discovery
                                LATERAL MOVEMENT
                                Exploitation of Remote Services Lateral Tool Transfer Remote Service Session Hijacking Remote Services
                                C2
                                Application Layer Protocol Data Encoding Dynamic Resolution Encrypted Channel Fallback Channels Ingress Tool Transfer Non-Application Layer Protocol Non-Standard Port Protocol Tunneling Proxy Web Service

                                 

                                 

                                Additional coverage

                                Reconnaissance
                                • Active Scanning
                                • Gather Victim Network Information
                                • Search Open Technical Databases
                                • Search Open Websites/Domains
                                Execution
                                • Command and Scripting Interpreter
                                • Inter-Process Communication
                                • Scheduled Task/Job
                                • System Services
                                • User Execution
                                • Windows Management Instrumentation
                                Persistence
                                • Boot or Logon Autostart Execution
                                • Create or Modify System Process
                                • Event Triggered Execution
                                • External Remote Services
                                • Hijack Execution Flow
                                • Modify Authentication Process
                                • Office Application Startup
                                • Scheduled Task/Job
                                • Valid Accounts
                                Privilege Escalation
                                • Boot or Logon Autostart Execution
                                • Create or Modify System Process
                                • Event Triggered Execution
                                • External Remote Services
                                • Hijack Execution Flow
                                • Process Injection
                                • Scheduled Task/Job
                                • Valid Accounts
                                Collection
                                • Archive Collected Data
                                • Data from Local System
                                • Data from Network Shared Drive
                                • Data Staged
                                • Man-in-the-Middle
                                Exfiltration
                                • Automated Exfiltration
                                • Data Transfer Size Limits
                                • Exfiltration Over Alternative Protocol
                                • Exfiltration Over C2 Channel
                                • Exfiltration Over Web Service
                                • Transfer Data to Cloud Account
                                Impact
                                • Endpoint Denial of Service
                                • Resource Hijacking

                                DOWNLOAD DATASHEET

                                Corelight’s MITRE ATT&CK approach

                                Corelight drives broad coverage across the MITRE ATT&CK TTPs using an approach focused on visibility and explainable, evidence-based analytics. The foundation of this approach is Zeek® network telemetry, data that captures activity across a broad set of network protocols and fuels advanced analytics. With these analytics, Corelight provides machine learning models, behavioral alerts, and Suricata-based IDS and SIEM rules to detect the relevant ATT&CK tactics, techniques, and procedures. Corelight’s Open NDR Platform allows you to build your own detection content or use community contributions such as MITRE’s BZAR package.

                                GET A DEMO

                                mitre-att&ck

                                Have questions?

                                Talk with one of our experts today.

                                CONTACT US