The Hoot episode 13: Humio at Corelight with Seth Hall
Seth Hall is the Chief Evangelist, Key Zeek Committer, and co-founder of Corelight. This week, John and Seth talk about how combining Humio and Corelight boosts your observability. Seth raves about Humio’s smooth search navigation, and he explains how Humio dashboards are a huge boon to people in SecOps because they provide a powerful, reliable, and customizable way to quickly look for unusual activity.
“Dashboards are interesting from a hunting perspective because you can create a bunch of threads that give you a place to start your search. I look at it like having a bunch of threads hanging from the ceiling that give you an idea of top-performing parts of your system.”
We explore Corelight’s advanced features, including its ability to infer whether any suspicious activity is occurring in SSH connections. Seth warns about the importance of not missing any traffic on your system: that means both looking at it as it’s happening and storing logs of what has happened so you can go back and explore what went wrong.