
"As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight's Investigator software, part of its Open NDR Platform, is designed to be user-friendly (even for junior analysts) so I thought it would be a good fit for me."
"While I'm new to threat hunting, I do have experience looking at network traffic flows. I was even an early user of one of the first network traffic analyzers called Sniffer. Sniffers were specialized PCs equipped with network adapters designed to capture traffic and packets. These computers were the foundation on which more advanced network monitoring platforms were built. Back in the mid-1980s, these tools were expensive and required a lot of training."
The objective was to gain hands-on experience with a network detection and response (NDR) system and to learn how NDR supports threat hunting and incident response within Security Operations Center (SOC) workflows. Corelight's Investigator, part of its Open NDR Platform, was chosen because it is designed to be usable by junior analysts and came preloaded with recorded network traffic for practice. Prior experience with early packet analyzers such as Sniffer provided historical perspective on how network monitoring evolved from specialized, costly hardware to modern software tools. The author set out to evaluate everyday network hunting against modern, fast-moving attacks and to assess how quickly a new tool of this kind can be learned. NDR systems are commonly deployed in mid- to elite-level security operations and play a central role in incident response.
Read at The Hacker News