Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Expand visibility around authentication and application anomalies with Corelight’s new LDAP analyzer

By Vince Stoffer – March 20, 2023

Comprehensive visibility into network protocols is a hallmark of Zeek (and therefore Corelight) data. That's why we are very happy to announce that with our v27.2 release we are supporting a new analyzer for the LDAP protocol. You likely know LDAP... Read more »

Corelight Investigator introduces new Machine Learning Models

By Sara Shuman – January 31, 2023

Corelight Investigator furthers its commitment to delivering next-level analytics through the expansion of its machine learning models. Security teams are now enabled with additional supervised and deep learning models, including: Read more »

Corelight for the everywhere cloud

By Ed Amoroso, founder and CEO of TAG Cyber (guest) – January 17, 2023

Editor's note: This is the first in five-part series authored by Ed Amoroso, founder and CEO of TAG Cyber, which will focuses on how the Corelight platform reduces network security risks to the so-called Everywhere Cloud (EC). Such security... Read more »

Corelight launches the Entity Collection

By Vince Stoffer – December 13, 2022

Corelight Labs, our amazing research team, has been hard at work on another content collection which we are excited to introduce: the Corelight Entity Collection. Read more »

Replace IDS and extend entity visibility

By John Gamble – December 8, 2022

Today, as a part of our v27 software release, we are launching enhanced IDS rules management functionality, extending analyst visibility around hosts, devices, users, and more, and upgrading the Corelight Software Sensor to give customers more NDR... Read more »

Zeek on Windows

By Tim Wojtulewicz – December 5, 2022

Editor's note: This post was originally published on the Zeek.org blog on Nov. 28, 2022. Reposted here in full with permission as a courtesy. Read more »

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

By Corelight Labs Team – November 30, 2022

Editor's note: This blog post was updated on 12/1/22 to add the "Update 12/1/22" and corresponding paragraph added to the end of the blog post. On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT... Read more »

Detecting 5 current APTs without heavy lifting

By Corelight Labs Team – November 8, 2022

The Corelight Labs team prides itself on the ability to create novel Zeek and Suricata detection content that delves deep into packet streams by leveraging the full power of these tools. However this level of additional sophistication is not always... Read more »

“Easy” button for cloud NDR visibility

By Todd Morneau – October 18, 2022

As organizations continue to rapidly adopt cloud services, they struggle to expand network detection and response (NDR) capabilities to their hybrid and multi-cloud environments. Network visibility is critical for security operations center (SOC)... Read more »

New position brings new open source opportunities

By Kelley Misata – October 12, 2022

Today marks the start of ZeekWeek, the annual conference for information technologists who rely on the Zeek® network for security monitoring. Read more »