We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents.

As a security professional, you know that the ability to swiftly and effectively respond to threats is crucial. In this post, we’ll explore how LimaCharlie, a SecOps Cloud Platform, can help automate comprehensive Incident Response (IR) workflows, including forensic triage acquisition, evidence processing, and forensic timeline generation.

Organizations face many threats today, but not all potential threats are from malicious activities outside the organization. Insider threats are just as significant, if not more significant, of a security risk to companies today. Since 2018, there has been a 40% increase in data breaches caused by company insiders, so they now represent most of them.