Overview:

Threat hunters need to work quickly when identifying and resolving anomalous activity if they want to prevent long-lasting damage. Since most attacks must cross the network, they'll likely leave a trail of data — yet common sources of network data such as Netflow records and DNS server logs provide minimal details and can be difficult to correlate. How can the modern threat hunter address these issues?

Luckily, Corelight - one of the industry’s best sources of network data - transforms raw network traffic into highly comprehensive logs that summarize network activity across more than 35 protocols. These logs are condensed to 1% of the size of a typical full traffic capture, allowing fast and easy search in SIEM solutions such as Splunk.

Join this webinar to:

  • Get an overview of Corelight and its many use cases.
  • See the integration between Corelight and Splunk, step by step.
  • Explore threat hunting use cases more deeply. 

About the Speaker:

Kulwant Sohi is a Federal Systems Engineer at Corelight, the company founded by the creators of the Zeek network security monitor. Kulwant has over 25 years of experience architecting and implementing mission-critical network and security systems. He is a subject matter expert in network forensics, including full packet and metadata extraction.
