My objective

- As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system.
- My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC).
- Corelight’s Investigator software, part of its Open NDR Platform, is designed to be user-friendly (even for junior analysts), so I thought it would be a good fit for me.
- I was given access to a production version of Investigator that had been loaded with pre-recorded network traffic. This is a common way to learn how to use this type of software.
- While I’m new to threat hunting, I do have experience looking at network traffic flows.
Article Summaries:
- The author, a novice threat hunter, gained hands-on experience with Corelight’s Investigator, part of its Open NDR Platform, by accessing a production instance loaded with pre-recorded traffic. The post explains how NDR tools fit into SOC workflows, highlighting their role in incident response and threat hunting and their integration with SIEMs, EDRs, and firewalls to enrich and correlate network data. The author describes the Investigator interface: a dashboard of high-risk detections, drill-down details, and evidence of exploit tools such as NMAP and reverse shells. The piece underscores NDR’s value for triaging events, uncovering misconfigurations, and improving response speed in modern security operations.