This morning we announced Corelight Investigator, an open NDR platform that enables security teams with the next-level evidence they need to disrupt attacks and accelerate threat hunting through an easy-to-use, quick-to-deploy SaaS solution.
How does it work? Investigator combines battle-tested network evidence with intelligent alert scoring to deliver prioritized alerts tied to correlated evidence, enabling analysts to cut through the queue and accelerate incident response. Our powerful log query engine enables live and historic search, the ability to create and save custom searches, and to view results in a variety of formats.We provide access to new analytics developed by Corelight Labs and the open source Zeek and Suricata communities. This creates more effective detections and complements existing tools for the broadest coverage from on-premise to the cloud.
Corelight Investigator complements both your current and developing SOC workflow, including SIEM and XDR solutions.
For new Corelight customers, Investigator provides a complete NDR solution from powerful data to analytics in one easy-to-use SaaS solution. For existing Corelight Sensor customers, Corelight Investigator adds new analytics using machine learning and a powerful, cost-effective investigation platform.
Corelight Investigator brings a new level of openness to the SaaS NDR market – enabling customers to fully understand the logic behind machine learning based detections, and freely integrate these alerts with their existing tools for the broadest coverage from on-prem to the cloud.
Come see us at RSA and discover how to leverage the power of next-level analytics for complete visibility across hybrid and multi-cloud networks.
Can’t make it to RSA? Check out our website for more information or watch this demo video. You can also contact us for a free trial.
By Nick Hunter, Senior Product Marketing Manager, Corelight