Corelight
Corelight uses Zeek to provide network-based telemetry across many protocols. Cyderes recommends using Corelight to capture and analyze that high-value data. Cyderes can centrally manage Corelight sensors, monitor their health, and deliver detections for new attacks as they are discovered.
Deployment
Connectivity Requirements

| Destination | Port | Direction |
|---|---|---|
| corelight.cyderes.cloud | TCP/1443 | External Outbound |
| release.api.corelight.io | TCP/443 | External Outbound |
Default Credentials

| User | Password | Description |
|---|---|---|
| admin | admin | Unrestricted Administrator Account |
| netconfig | netconfig | Restricted Account for Network Setup |
Setup
1.) Configure Corelight with the local networks whose traffic the sensor will see.
2.) Set the sensor name. The sensor name should reflect the company name, the sensor's location, and the sensor model.
Example:
Cyderes_HQ_1000
3.) Configure the management network for the sensor.
4.) Register Corelight with the Cyderes Fleet Manager. Enter the Diagnostic Shell and run the following command. The CommunityString value will be provided by Cyderes.

```shell
corelight-client configuration update --fleet.community_string <CommunityString> --fleet.server corelight.cyderes.cloud:1443 --fleet.enable true
```

5.) Save the Configuration.
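A pre-flight check for the procedure above, added here as an example and not part of Corelight's or Cyderes' tooling: it encodes the connectivity requirements table and the sensor naming convention from this page, so a deployer can confirm outbound access and the chosen name from the management network before step 4. The `connector` parameter and the `CORELIGHT_COMMUNITY_STRING` environment variable are assumptions of this example.

```python
"""Pre-flight check before registering a Corelight sensor with Cyderes Fleet Manager."""
import os
import re
import socket
import sys

# Outbound destinations from the Connectivity Requirements table on this page.
REQUIRED_ENDPOINTS = [
    ("corelight.cyderes.cloud", 1443),   # Fleet Manager registration
    ("release.api.corelight.io", 443),   # Corelight release API
]

# Naming convention from step 2: Company_Location_Model, e.g. Cyderes_HQ_1000.
SENSOR_NAME_RE = re.compile(r"^[A-Za-z0-9]+_[A-Za-z0-9]+_[A-Za-z0-9]+$")


def valid_sensor_name(name):
    """True if the name follows the Company_Location_Model convention."""
    return SENSOR_NAME_RE.fullmatch(name) is not None


def tcp_reachable(host, port, timeout=5.0, connector=socket.create_connection):
    """Attempt a TCP connect. `connector` is injectable (assumption of this
    example) so the check can be exercised without network access."""
    try:
        connector((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False


def check_endpoints(endpoints=REQUIRED_ENDPOINTS, connector=socket.create_connection):
    """Return {(host, port): reachable} for every required outbound destination."""
    return {(h, p): tcp_reachable(h, p, connector=connector) for h, p in endpoints}


def fleet_command(community_string, server="corelight.cyderes.cloud:1443"):
    """Build the step-4 Diagnostic Shell command. The community string is supplied
    by Cyderes and is never stored in this script."""
    if not community_string or any(c.isspace() for c in community_string):
        raise ValueError("community string must be non-empty with no whitespace")
    return ("corelight-client configuration update "
            f"--fleet.community_string {community_string} "
            f"--fleet.server {server} --fleet.enable true")


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "Cyderes_HQ_1000"
    print("sensor name follows convention:", valid_sensor_name(name))
    for (host, port), ok in check_endpoints().items():
        print(f"{host}:{port} {'reachable' if ok else 'BLOCKED'}")
    print(fleet_command(os.environ.get("CORELIGHT_COMMUNITY_STRING", "<CommunityString>")))
```

Run it from a host on the sensor's management network; a BLOCKED line means the corresponding firewall egress rule from the table above is missing.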