Explore how we leverage our pillar technologies—namely Zeek, Suricata, and AI—to monitor and respond to threats against the BlackHat conference. The BlackHat NOC is a collaborative effort between some of the industry's best vendors and products, with Corelight focusing on Network Detection and Response. After nearly two years on the global conference circuit, I am excited to share insights and lessons learned from this unique and complex network, including how we leverage LLMs to improve alert triage in offensive security trainings. We’ll conclude with a few anecdotes from our investigations, highlighting our approach to threat detection in this unique environment.