Bright Ideas Blog

Corelight and Microsoft: A Smarter Way to Fight Alert Fatigue | Corelight

Allen Marin — Mon, 30 Mar 2026 20:27:58 GMT

For SOC teams, the battle against cyber threats can feel like trying to solve a 3D jigsaw puzzle in a bouncy house with missing pieces and a timer blasting every few seconds. Despite the increase in security spending, most teams still struggle with inefficient investigations, alert fatigue, and the non-stop guessing game of prioritizing threats. That’s why we’re excited about our latest integration with Microsoft Security that we hope will help address these persistently common challenges.

Fueling Cisco XDR with Corelight high-fidelity network evidence | Corelight

Cody Spooner — Thu, 19 Mar 2026 15:46:51 GMT

From hunting threats to solving complex problems to coding on a couch, adventures in the Black Hat NOC (Network Operations Center) are always interesting. Over the last few months and several shows, I’ve had the privilege of working with one of the other NOC partners, Cisco, to design and test our first integration between Corelight Investigator and Cisco XDR. While we worked on this project virtually for several weeks, the passion for building new things, more caffeine than I care to admit, and a comfy couch brought this special integration together.

Transforming the SOC with Corelight Agentic Triage | Corelight

Muzzafer Pasha — Wed, 18 Mar 2026 11:45:00 GMT

Introduction: The dawn of the AI SOC era

The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's¹ analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact. IBM X-Force² data confirms AI-assisted phishing attacks have surged by 1,265%, while a 2025 Gartner survey³ found that 62% of organizations experienced deepfake attacks involving social engineering automation. The era of AI-versus-AI security operations has arrived, and defenders must respond in kind.

Why geopolitical tensions should raise cyber awareness | Corelight

Vince Stoffer — Mon, 16 Mar 2026 21:05:06 GMT

When geopolitical tensions rise, cybersecurity quickly becomes part of the public conversation.

Black Hat Europe 2025: Lessons from the NOC | Corelight

Mark Overholser — Fri, 27 Feb 2026 14:57:33 GMT

With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.

Black Hat Europe 2025: Threat Hunting With Agentic AI | Corelight

Nacho Arnaldo — Fri, 27 Feb 2026 14:57:02 GMT

POST bodies: a hunter’s goldmine

Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters. Thanks to the great work of my colleagues and the other NOC partners that I’ve worked alongside over the years (Arista, Cisco, Jamf, and Palo Alto Networks), I have been able to focus on triaging alerts and developing tailored modeling approaches for identifying anomalies using Corelight logs to defend Black Hat’s well-defined yet challenging conference environment.

Black Hat Europe 2025: Going Into the Fire | Corelight

Jan Grashoefer — Thu, 26 Feb 2026 15:38:13 GMT

Of course no analogy is ever perfect, but when I talk to friends and family about what I do in the field of IT security, I like to compare it to firefighting and the three key roles that make fighting fires possible. First, there are scientists who conduct research on fire spread and fire-retardant materials. In IT security, the scientists are the academics working on the building blocks that are used to secure systems, such as encryption.

Black Hat Europe 2025: Finding a Needle in a Needle Stack | Corelight

Preston Dizmang — Thu, 26 Feb 2026 15:27:42 GMT

There is a saying you will hear tossed around by Black Hat veterans, and even in the presentations: “threat hunting on the Black Hat network is like trying to find a needle in a needle stack”. Still, knowing this did little to prepare me for how unique of an opportunity it is to work in the Black Hat Network Operations Center (NOC). I've been working for Corelight for a little over two years, and previous to that I worked incident response for the US government.

Corelight at SC25: A laboratory for securing the fastest conference network | Corelight

Mark Overholser — Tue, 17 Feb 2026 23:18:38 GMT

I’ve worked as a threat hunter in several Black Hat Security Conference Network Operations Centers (NOCs) across the globe. So I didn’t expect to be surprised by much when signing on to be a part of the NOC for SCinet—a conference that has the “fastest conference network in the world.” And yet I was surprised by just how diverse the SCinet NOC team was, how collaborative the environment was, and how much we were able to achieve with automation in such a short amount of time. I learned quite a bit from the experience, particularly about the importance of experimentation in security, so I wanted to share a few takeaways from my time in the SCinet NOC that I hope you can learn from too!

Detecting Lateral Movement & Evasion Inside Your Network | Corelight

Allen Marin — Mon, 22 Dec 2025 18:28:53 GMT

Welcome back to our threat hunting series with Corelight and CrowdStrike. In our previous posts, we armed you with techniques to spot adversaries during Initial Access and how they establish Persistence to maintain their foothold. Now, we're diving into the shadowy dance of Defense Evasion and Lateral Movement.