Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Detection


Black Hat NOC USA 2023: Leveraging Corelight's Open NDR Platform for Network Operations (NetOps)

In this blog, I’ll share a few NetOps observations of the Black Hat network that I made during my time serving in the Black Hat Network Operations Center (NOC). My hope in doing so is to spark some ideas on how you can use an existing tool like Zeek for a new purpose. These insights were particularly revealing, despite not being linked to any security incidents.

Arctic Wolf

What Is EDR Security and How Does It Fit into Your Cybersecurity Strategy?

Back in 2013, Gartner’s Anton Chuvakin set out to name a new set of security solutions to detect suspicious activity on endpoints. After what he called “a long agonizing process that involved plenty of conversations with vendors, enterprises, and other analysts” Chuvakin came up with this phrase: endpoint threat detection and response. Since then, this moniker has been shortened to endpoint detection and response or EDR. But as the name got smaller, the market got bigger.


MDR vs MSSP vs SIEM: The Evolving Threat Detection Landscape

Effective threat detection is critical to achieving a mature cybersecurity posture. Yet with so many threat detection options on the market, from managed detection and response (MDR) to managed security service providers (MSSPs) to security information and event management (SIEM), choosing the most effective one for your organization can be challenging.


Inside the Mind of a Cybersecurity Threat Hunter Part 1: Confronting Initial Access Techniques

At Corelight, we’re always striving to make the life of threat hunters and security analysts a little easier. It’s the reason we developed our Open NDR Platform that provides comprehensive, correlated network data and forensic evidence about everything happening on the network. If you’re familiar with Corelight, you probably already know that.

How Corelight's ServiceNow integration speeds response

See how the integration between Corelight's Open NDR platform and ServiceNow allows analysts to send specified detections to ServiceNow, enabling efficient case management for in-depth analysis. Send selected detections with contextual information to ServiceNow with a few clicks, and easily jump from ServiceNow to view detection-related details in Corelight, resulting in faster time to case resolution/MTTR.

How Corelight Uses AI to Empower SOC Teams

The explosion of interest in artificial intelligence (AI) and specifically large language models (LLMs) has recently taken the world by storm. The duality of the power and risks that this technology holds is especially pertinent to cybersecurity. On one hand the capabilities of LLMs for summarization, synthesis, and creation (or co-creation) of language and content is mind-blowing.


CVE-2023-3595: Rockwell Automation ControlLogix Vulnerability Analysis Fuels Better Risk Assessment and Threat Detection

On July 14, CISA published an industrial control system (ICS) advisory about two new critical vulnerabilities affecting Rockwell Automation ControlLogix communication modules: CVE-2023-3595 and CVE-2023-3596. CISA and Rockwell Automation recommended that asset owners patch vulnerable devices and add controls such as segmenting networks and using network intrusion detection.


Detecting account compromise with UEBA detection packages

The Elastic InfoSec Threat Detection team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic® systems. Internally, we call ourselves Customer Zero and we strive to always use the newest versions of our products. This blog details how we are building packages of detection rules that work together to create a high fidelity alert for strange user behavior.