Archived: How to threat hunt in your SIEM with the right network data

On-Demand Webcast | 0.5 Hour

Threat hunting might seem out of reach, but all it truly takes is one curious person with direct access to the right data. The network, due to its breadth of visibility, offers an excellent starting point for your hunt. Traditional network logs like NetFlow, however, have left gaping blind spots on the network. That’s why many organizations are deploying Network Detection & Response (NDR) solutions, which fill critical gaps in their network defenses, accelerate incident response times, and unlock powerful new hunting capabilities.

Join Corelight for this Democast, where you will learn how to:

  • find adversaries abusing common protocols, like DNS, to conduct data exfiltration and C2 communications;
  • spot adversaries communicating over encrypted network protocols without decrypting the traffic; and
  • turn successful hunts into automated detections.

Attendees of this webcast may be eligible for half a CPE credit.


Alex Kirk



Alex is a veteran open source security evangelist with a deep engineering background. In 10 years with Sourcefire Research (VRT), he wrote the team’s first malware sandbox and established its global customer outreach and intelligence sharing program. He has spoken at conferences across the globe on topics from “Malware Mythbusting” to “Using Bro/Zeek Data for IR and Threat Hunting”, and was a contributing author for “Practical Intrusion Analysis”, an oft-used textbook for university courses on IDS. His security engineering background also includes time at Cisco and Tenable.