Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Network Detection and Incident Response with Open Source Tools

Nov 2, 2022 By Corelight In Corelight
When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.
View Video
Corelight

"Easy" button for cloud NDR visibility

Oct 18, 2022 By Todd Morneau In Corelight

As organizations continue to rapidly adopt cloud services, they struggle to expand network detection and response (NDR) capabilities to their hybrid and multi-cloud environments. Network visibility is critical for security operations center (SOC) teams to secure their cloud environments and ensure they can elevate threat detection and incident investigation capabilities. However, traditional NDR solutions require management, configuration and often lack the security context needed.

Read Post
Corelight

BOD 23-01: Better visibility to reduce risk

Oct 10, 2022 By Jean Schaffer In Corelight

“Knowing what’s on your network is the first step for any organization to reduce risk.” -CISA Director, Jen Easterly. On October 3, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks.

Read Post

Threat hunt with network evidence with endpoint telemetry

Oct 5, 2022 By Corelight In Corelight
Corelight and Microsoft show the power of combining network evidence with endpoint telemetry using Defender365 and Sentinel to analyse, investigate, and understand the full breadth of an attack. During the session, we dive straight into the technology and how it can be applied using a simulated attack Demo.
View Video

The Power of Open-Source Tools for Network Detection & Incident Response

Oct 4, 2022 By Corelight In Corelight
When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivaled source of evidence and visibility. Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.
View Video
Corelight

Corelight Investigator: Ready for Europe

Oct 4, 2022 By Sara Shuman In Corelight

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and accelerate analyst workflows. Today, we are pleased to share that the Investigator platform is engaged in attestation for GDPR to support customer threat hunting and incident response operations across Europe.

Read Post
Corelight

Detecting the Manjusaka C2 framework

Sep 29, 2022 By Corelight Labs Team In Corelight

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like other C2 frameworks, we studied the Manjusaka implant/server network communications in our lab environment, and here we document some of the detection methods available. We have also open-sourced the content we describe.

Read Post

Cloud Insecurities - How to threat hunt in hybrid and multi cloud environments

Sep 27, 2022 By Corelight In Corelight
Amidst a record number of workloads moving to the cloud – security teams must not only confront the cyber-skills shortage, but also a general lack of cloud expertise. Corelight and guest Forrester will share best practices for building threat detection, hunting, and incident response capabilities to the cloud and upskilling your existing SecOps team. Watch this on demand webcast to learn.
View Video

SANS Protects: The Network

Sep 8, 2022 By Corelight In Corelight
SANS Protects is a series of papers focused on the most prevalent threats to specific, critical components of your environment as well as actions you can take to mitigate those threats and thwart threat actors. In this webcast, sponsored by Corelight, SANS Certified Instructor Matt Bromiley will examine current, prevalent network threats and how adversaries use them to take advantage of, and maintain footholds in, victim environments.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.