Cooking up a year of faster, smarter, and tastier security

If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a meal that leaves everyone asking for seconds (or at least not asking for the takeout menu). This year, I realized that building a great SOC has a lot in common with cooking — you need the right tools, a good recipe, and a sprinkle of creativity. So, let’s gather around the Corelight kitchen and take a look at the product updates we’ve delivered in 2024. Grab your aprons, and let’s dig in!

Step 1: Add the secret sauce with Guided Triage

Tired of tab fatigue and endless joins and pivots? Guided Triage delivers a single-screen workflow that cuts down inefficiency and makes analysts’ lives easier. With prioritized alerts, AI-powered insights, and a streamlined timeline visual, analysts can now reduce triage time by up to 50%.

Our engineers even taught LLMs to translate network jargon into plain English, turning complex processes into narratives anyone can follow. Guided Triage is like a well-balanced beurre blanc: efficient, effective, and satisfying.

Step 2: Sprinkle in some malware detection with YARA

Corelight has integrated file analysis powered by YARA, giving unparalleled visibility into the files observed on the wire. Whether you’re hunting for elusive malware or crafting custom YARA rules, we’ve made static file analysis more efficient and impactful.

Threats like Volt Typhoon that slip past traditional EDR remind us why NDR is the essential spice in a comprehensive security recipe. In this case, YARA rules from CISA would help identify the living-off-the-land attacks we’ve seen from this threat actor.

Step 3: Elevate your game with AI-powered security detections

AI and machine learning have become critical ingredients in identifying threats that traditional methods might overlook. At Corelight, we’ve integrated advanced AI/ML models to detect domain generation algorithms (DGA), spot combosquatting attacks, and detect unknown web malware via its C2 traffic. We have also added detection capabilities for AsyncRAT, FormBook, and RedLine Stealer, three malware families often seen in the wild.

Our AI doesn’t just fire alerts; it provides actionable insights, enriched context, and refined alerts that reduce noise and help analysts focus on what truly matters. Think of our AI as the sous chef in your SOC, working tirelessly in the background to keep everything running smoothly.

Step 4: Whip up simplicity with cloud-native sensors

This year, we’ve made cloud security intuitive and effective. With native sensors for AWS, Azure, and GCP, plus unique detections like AWS S3 exfiltration alerts, we’re helping you secure your environment no matter where your data resides.

Another key update is data enrichment and instance metadata correlation, which simplify cloud workflows and enable faster response times — and it’s all easier than folding whipped cream into a mousse (I can never get that right!).

Step 5: Assemble your technical integrations

Our integrations this year have strengthened SOC efficiency across the board. Here’s a look:

  • CrowdStrike: Our integration allows analysts to see CrowdStrike’s host information alongside Corelight Entities in Investigator, simplifying investigations and enabling host isolation directly from our UI. Corelight’s integration with Falcon Next-Gen SIEM speeds up SOC workflows by linking alerts to Falcon Spotlight vulnerabilities, while pre-correlating Entity Collection logs with Falcon Sensor IDs streamlines endpoint inventory and response.
  • Google/Mandiant: In addition to richer integrations with Google SecOps, we announced that Mandiant Managed Defense is now powered by Corelight.
  • Microsoft Sentinel: We’ve added new dashboards for Microsoft Sentinel, offering clear insights into SSH hygiene, DNS activity, and more.
  • SentinelOne: Combining Corelight’s network visibility with SentinelOne’s endpoint data creates a powerful duo for security teams.

That’s a well-curated charcuterie board whose parts fit neatly together — and no stinky cheeses!

Step 6: Pair with some SIEM dashboards

This year, we’ve focused on enhancing SIEM dashboards to provide actionable insights that empower security teams. With updated dashboards for Splunk, Elastic, and Microsoft Sentinel, analysts can now gain clearer visibility into critical metrics such as SSH hygiene, DNS activity, and encrypted traffic health. These dashboards are designed to highlight key trends at a glance, which reduces the time you’ll spend digging through logs and enables faster decision-making.

Think of it as pairing a smooth Château d'Yquem with crème brûlée — exactly what you need to round out an exquisite meal.

Step 7: Plan the feast for 2025

For the new year, we’re already planning better detection models, stronger partnerships, and tools that will continue to redefine efficiency in security operations.

We’re excited to serve up even more impactful updates in 2025 that will help your SOC run like a Michelin-starred operation.

Thank you for working alongside us this year as we make SOCs everywhere faster, smarter, and more efficient. Here’s to a secure and joyous holiday season from all of us at Corelight — we couldn’t have done it without you!

Happy holidays and happy hunting,
Corelight Product Team
