The Hoot - Episode 13 - Humio at Corelight with Seth Hall

Using dashboards, hunting intruders and looking inside SSH traffic with the co-founder of Corelight

This week we look into how our partners at Corelight use Humio.

John talks with Seth Hall, Chief Evangelist, Key Zeek Committer, and co-founder of Corelight, as he tells us how combining Humio and Corelight boosts your observability.

Seth raves about Humio’s smooth search navigation and explains how Humio dashboards are a huge boon to people in SecOps because they provide a powerful, reliable and customizable way to quickly look for unusual activity.

“Dashboards are interesting from a hunting perspective because you can create a bunch of threads that give you a place to start your search. I look at it like having a bunch of threads hanging from the ceiling that give you an idea of top performing parts of your system.”

We explore Corelight’s advanced features, including its ability to infer whether any suspicious activity is occurring in SSH connections. Seth warns about the importance of not missing any traffic on your system, both looking at it as it’s happening and storing logs of what has happened in your system so you can go back and explore what went wrong.

Corelight is a security traffic monitoring organization that provides analysis of network traffic both on-prem and in the cloud to detect intrusions and breaches. Their Corelight sensors are based on the Zeek/Bro platform and provide a rich, actionable picture of traffic over 35+ network protocols.

