Corelight + Chronicle Backstory

Written by Allen Male | Mar 26, 2019 4:00:00 AM

At the recent RSA Conference, Chronicle launched Backstory, a new security analytics platform, and we are pleased to share that Corelight is part of the Chronicle Index Partner program.

Chronicle Backstory is a global platform designed to help enterprise customers analyze the massive amounts of security telemetry they generate every year. The Corelight Sensor integration with Backstory will combine proven network security monitoring (NSM) and network traffic analysis (NTA) telemetry from Zeek (formerly known as Bro) with advanced behavior analytics and automated incident response capabilities from other sources. As a result, joint customers will be better able to investigate incidents, hunt for threats, and respond to attacks within their networks.

The growing need for advanced threat analysis and effective incident response creates further opportunities for strategic integrations with other technology providers, integrations that ultimately strengthen the enterprise security stack.

For Corelight, integrating with Backstory means ensuring that our mutual customers can take full advantage of Backstory's capabilities by providing them with the right data when they need it. Or, as our Chief Product Officer Brian Dye aptly put it in a recent blog post, “getting the right data from the start accelerates almost everything in your IR process, from tools to people.”

How it works

Corelight Sensors can analyze all the network traffic in an enterprise and distill it into enhanced, correlated, and augmented security logs, using a fraction of the storage that other approaches (such as full PCAP) require and with much higher fidelity than flow-based logs. These indexed logs are fed into Backstory, where they provide rich network context to the end user alongside the behavioural information delivered by other Backstory technology partners, enabling faster incident response and threat hunting.

Connecting new technologies can be tricky, but in this case it was straightforward because of the flexibility on each side. The Corelight Sensor offers multiple export options (syslog, Kafka, JSON over TCP, S3 upload, Elastic's API, and others), and Backstory likewise offers multiple import options. This made for a quick custom integration that is simple to assemble.
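To make the "JSON over TCP" path concrete, here is an added example (not Corelight's or Chronicle's code) of what an export and ingest hop looks like in miniature: a sender frames Zeek-style log records as newline-delimited JSON and ships them over a loopback TCP connection, and a receiver parses the stream, rejects malformed or truncated lines instead of dropping the whole batch, and indexes what survives by Zeek's connection `uid` so that `conn` and protocol logs for the same session line up. The sample records are constructed; the field names follow Zeek's JSON log output, and the `_path` field naming the log stream is an assumption (it is the convention used by the json-streaming-logs package, not something this post specifies).

```python
import json
import socket
import threading

# Constructed sample: two Zeek-style JSON records for one host's DNS lookup
# followed by a TLS connection. Field names follow Zeek's conn.log and
# dns.log JSON output; "_path" naming the stream is an assumption.
SAMPLE_RECORDS = [
    {"_path": "conn", "ts": 1553580000.1, "uid": "CAbc123", "id.orig_h": "10.0.0.5",
     "id.orig_p": 51234, "id.resp_h": "93.184.216.34", "id.resp_p": 443,
     "proto": "tcp", "conn_state": "SF", "orig_bytes": 812, "resp_bytes": 4096},
    {"_path": "dns", "ts": 1553580000.0, "uid": "CDef456", "id.orig_h": "10.0.0.5",
     "id.orig_p": 40221, "id.resp_h": "10.0.0.2", "id.resp_p": 53,
     "proto": "udp", "query": "example.com", "qtype_name": "A", "rcode_name": "NOERROR"},
]

# Minimum fields a receiver needs to file a record: which log it belongs to,
# when it happened, and which connection it describes.
REQUIRED = {"_path", "ts", "uid"}


def serialize_ndjson(records):
    """Frame records as newline-delimited JSON, one record per line."""
    return "".join(json.dumps(r, separators=(",", ":")) + "\n" for r in records).encode()


def parse_ndjson(payload: bytes):
    """Parse an NDJSON stream; skip malformed or incomplete lines rather than
    failing the batch, and report how many were rejected."""
    good, bad = [], 0
    for line in payload.decode(errors="replace").splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1          # e.g. a line cut off by a dropped connection
            continue
        if not isinstance(rec, dict) or not REQUIRED <= rec.keys():
            bad += 1
            continue
        good.append(rec)
    return good, bad


def index_by_uid(records):
    """Group records by Zeek connection uid so conn and protocol logs correlate."""
    idx = {}
    for r in records:
        idx.setdefault(r["uid"], {})[r["_path"]] = r
    return idx


def ship_over_tcp(records, truncate=False):
    """Send records to a local TCP listener and return the receiver's parsed
    result. A single-process loopback stand-in for a Sensor -> analytics
    platform hop; truncate=True simulates the connection dying mid-record."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # ephemeral port, loopback only
    srv.listen(1)
    port = srv.getsockname()[1]
    received = {}

    def receiver():
        conn, _ = srv.accept()
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                chunks.append(data)
        received["payload"] = b"".join(chunks)

    t = threading.Thread(target=receiver)
    t.start()
    payload = serialize_ndjson(records)
    if truncate:
        payload = payload[:-20]
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(payload)
    t.join()
    srv.close()
    good, bad = parse_ndjson(received["payload"])
    return {"accepted": len(good), "rejected": bad, "by_uid": index_by_uid(good)}


if __name__ == "__main__":
    print(ship_over_tcp(SAMPLE_RECORDS))
    print(ship_over_tcp(SAMPLE_RECORDS, truncate=True))
```

The per-line error handling is the part worth keeping from this sketch: with a line-delimited transport, a dropped connection or a mis-encoded record should cost you one record and a counter you can alert on, not the whole batch, and counting rejections is how you notice when an exporter and an importer have quietly disagreed about the format.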

We are excited to offer this powerful technology integration as it means that our mutual customers can spend less time worrying about which security alerts warrant an immediate response and spend more time detecting and eradicating malicious activity from their networks before a breach occurs.

Corelight partners with many of the leading security analytics platform providers to illuminate the network perspective of the cyber story. We welcome this opportunity to partner with Chronicle and to help many customers respond to and quell cyber security threats more effectively!

Check out our partner page for more information on other strategic integrations we have with other leading vendors.