The Hoot - Episode 13 - Humio at Corelight with Seth Hall
Using dashboards, hunting intruders and looking inside SSH traffic with the co-founder of Corelight
This week we look into how our partners at Corelight use Humio.
Seth raves about Humio’s smooth search navigation and explains how Humio dashboards are a huge boon to people in SecOps because they provide a powerful, reliable and customizable way to quickly look for unusual activity.
“Dashboards are interesting from a hunting perspective because you can create a bunch of threads that give you a place to start your search. I look at it like having a bunch of threads hanging from the ceiling that give you an idea of top performing parts of your system.”
We explore Corelight’s advanced features, including its ability to infer whether suspicious activity is occurring inside SSH connections without decrypting them. Seth stresses the importance of not missing any traffic on your network: both observing it as it happens and storing logs of what has happened so you can go back and explore what went wrong.
Corelight is a network security monitoring company that provides analysis of network traffic, both on-prem and in the cloud, to detect intrusions and breaches. Its Corelight sensors are based on the Zeek (formerly Bro) platform and provide a rich, actionable picture of traffic across 35+ network protocols.