Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Another day, another DCE/RPC RCE

May 17, 2022 By Corelight Labs Team In Corelight

CVE-2022-26809 was patched in Microsoft’s previous Patch Tuesday (April 12) and it’s a doozy: remote code execution on affected versions of DCE/RPC hosts. The vulnerability attracted a lot of attention in the security community, both because of its severity but also because it appears to be really hard to trigger.

Read Post
Corelight

Monitoring AWS networks at scale

May 12, 2022 By Vijit Nair In Corelight

Corelight is pleased to announce our integration with AWS’s Traffic Mirroring to Gateway Load Balancer (GWLB) Endpoint as a Target. This integration simplifies the monitoring of network traffic and generating Corelight data in massively scaled-out public cloud environments. When it comes to monitoring network traffic today, we see two primary deployment patterns, each with their own pain points.

Read Post
Corelight

Spotting Log4j traffic in Kubernetes environments

May 10, 2022 By Stan Kiefer In Corelight

Editor’s note: This is the latest in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting malicious traffic between containers, and more! Please subscribe to the blog, or come back for more each week.

Read Post
Corelight

Network evidence for defensible disclosure

May 5, 2022 By Richard Bejtlich In Corelight

What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure,” a term first employed in the statistical, medical, legal, and financial communities.* Understanding what this term means and how to live up to its expectations is key in an age where organizations regularly handle intrusions and, sometimes, suffer breaches.

Read Post

Unify endpoint and network evidence

Apr 29, 2022 By Corelight In Corelight
Unmanaged endpoints, vendor security appliances, cloud instances, and IoT devices often lack endpoint protection, creating hiding places that attackers exploit. Using Humio to correlate Falcon endpoint data with Corelight network evidence improves detection capabilities for all of your devices, and makes investigators and hunters faster.
View Video

What does XDR mean for your organization?

Apr 29, 2022 By Corelight In Corelight
As one of the hottest new buzzwords in the infosec space, XDR means many things to many people. This talk will discuss all of the possible components of an XDR solution through the lens of SOC operations, laying out the pros and cons of various approaches such as SaaS vs on-premise, specialized vs general tooling, etc. for organizations of different size, funding, and maturity levels. Best practice suggestions will be provided throughout, from general principles to specific integration code.
View Video

Network Evidence For XDR

Apr 20, 2022 By Corelight In Corelight
XDR - Extended detection and response - promises to integrate data from any source to stop today's sophisticated and often automated attacks. The key is: Which source? Register for this exclusive session for insights on why network evidence must be a key part of your XDR strategy. Topics to be discussed include how to: Walk away with new ideas on how to stay ahead of ever-changing attacks by using a data-first strategy for detection and response.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.