Fueling Cisco XDR with Corelight high-fidelity network evidence
Learn how to integrate Corelight Investigator directly into Cisco XDR to enrich your SOC investigations with high-fidelity network evidence.
Corelight, a leader in fueling the AI SOC, today announced that it is providing industry-leading data to power AI investigations of emerging threats through an integration of Corelight Open NDR into Cloud Control Studio. Cloud Control Studio is the design space within Cisco Cloud Control, Cisco’s unified platform for agentic IT operations, where customers can build AI agents and connect them to non-Cisco tools. This integration will provide security teams and the AI agents they employ in AI Canvas with detections and uniquely powerful data to effectively investigate security issues, improving the speed and accuracy of agentic security workflows.
“Defenders have long known that richer evidence improves security outcomes by enabling faster triage, deeper analysis, and more complete investigation,” said Greg Bell, Corelight co-founder and chief strategy officer. “Through a controlled AI experiment, we have proven that higher-quality data enables agentic SOC tools to respond to real-world attack scenarios faster and more accurately. With this integration, Corelight can now make its data available to our mutual customers through integrations with their security stack of choice.”
While the experiment showed consistent results across different LLMs, even the most advanced models could not overcome limitations imposed by low-quality or incomplete network data. This finding has important implications for the architecture of SOCs going forward, especially because efficiency improvements are compounded in an increasingly automated environment. Assuming that agentic automation will boost SOC efficiency by 10x in the next year or two, then the choice to use better data and lift investigative success rates from 30% to 90% will result in a dramatic increase in overall efficiency.
Corelight data is produced through deep packet inspection, using the underlying power of Zeek and Suricata. It takes the form of structured logs summarizing network conversations across dozens of protocols, interlinked by unique connection identifiers. In addition, it incorporates proprietary content generated from a range of analysis engines, including behavioral, statistical, and machine learning models (with a focus on C2 detection, lateral movement, encrypted traffic analysis, entity analysis, and analysis of extracted files, among other goals). Corelight supports additional detection features, capabilities and integrations including unsupervised machine learning for anomaly detection, and integrations with EDR, CMDB, and identity providers.
The Corelight team will be available to discuss and demonstrate this integration at the Cisco Cloud Control booth at this week’s Cisco Live event in Las Vegas.
Learn how to integrate Corelight Investigator directly into Cisco XDR to enrich your SOC investigations with high-fidelity network evidence.
Discover why network data quality sets a hard ceiling on AI SOC performance. Learn how Corelight data outperforms NetFlow and firewall logs.
Learn how Corelight combines Zeek data, ML, and GenAI workflows to fuel threat hunting, accelerate incident response, and disrupt advanced network...