Skip to content

Corelight

Corelight utilizes Zeek in order to provide network based telemetry across many different protocols. CYDERES recommends using Corelight to capture that high value data and analyze it. CYDERES provides the ability to centrally manage Corelight, monitor health, and provide detections on new attacks as they are discovered.

Deployment

Connectivity Requirements

Destination Port Direction
corelight.cyderes.cloud TCP/1443 External Outbound

Default Credentials

User Password Description
admin admin Unrestricted Administrator Account
netconfig netconfig Restricted Account for Network Setup

Setup

1.) Configure Corelight with the local networks that Corelight will be seeing traffic for.

corelight1

2.) Set the sensor name. The sensor name should reflect your company, the sensor's location, and what model the sensor is.

Example:

CYDERES_HQ_1000

3.) Configure the management network for the sensor.

corelight2

4.) Register Corelight with the CYDERES Fleet Manager. Enter the Diagnostic Shell and run the following command. The CommunityString variable will be provides by CYDERES.

corelight-client configuration update --fleet.community_string <CommunityString> --fleet.server corelight.cyderes.cloud:1443 --fleet.enable true

corelight3

corelight4

5.) Save the Configuration.