Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

GET THE REPORT

Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

GET THE REPORT
CONTACT US
CONTACT US

START HERE

Why Open NDR

 

WHY CORELIGHT

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

    SOLUTIONS

    Cloud security

    Encrypted traffic

    Federal

    Financial services

    Ransomware

    Threat hunting

     

    CORELIGHT LABS

    Recent research

    Mission and team

    Polaris program

      STRATEGIC PARTNERS

      Overview

      CrowdStrike

      Google Cloud

      Microsoft

      Splunk

      Elastic
        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        SEE HOW

        OVERVIEW

        Open NDR Platform

        Threat detection

        MITRE ATT&CK®

         

        PLATFORM CAPABILITIES

        Triage with Investigator

        Network Monitoring with Zeek®

        Intrusion Detection with Suricata®

        Static File Analysis with YARA

        Forensics with Smart PCAP

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Google Cloud

            Microsoft

            Splunk

            Elastic

            View all

             

            USE CASES

            Case Studies

            View all
              volt-typhoon-warning

              Detect advanced attacks with Corelight

              SEE HOW

              TECHNOLOGY INTEGRATIONS

              Partner ecosystem

              Technology partners directory

               

                FOR PARTNERS

                Deal registration

                Become a Channel Partner

                Partner Academy sign up

                Alliance Academy sign up
                  cloud-network

                  Corelight announces cloud enrichment for AWS, GCP, and Azure

                  READ MORE

                  partner-icon-green

                  Corelight's partner program

                  BECOME A PARTNER

                  BLOG

                  Read the latest

                   

                  EVENTS

                  Meet with us

                   

                  RESOURCE CENTER

                  Document Library

                    GLOSSARY

                    NDR (Network Detection & Response)

                    NDR vs. XDR vs. EDR

                    Cloud Security Solutions

                    Intrusion Detection System (IDS)

                    Packet Capture (PCAP)

                    Signature-Based Detection

                    IDS False Positive

                    View all glossary
                        glossary-icon

                        10 Considerations for Implementing an XDR Strategy

                        READ NOW

                        ad-images-nav_0006_Blog

                        Don't trust. Verify with evidence

                        READ BLOG

                        ABOUT US

                        About Corelight

                        Leadership

                        Investors

                          JOIN US

                          Careers

                          Current openings

                            NEWS & EVENTS

                            Newsroom

                            Media coverage

                            Events
                              corelight named a leader image

                              2025 Gartner® Magic Quadrant for NDR

                              GET THE REPORT

                              SUPPORT SERVICES

                              Open a ticket

                              Account login

                              Technical bulletins

                              Report a security vulnerability

                                WORLD-CLASS SUPPORT

                                Support overview
                                    ad-images-nav_0006_Blog

                                    Detecting 5 Current APTs without heavy lifting

                                    READ BLOG

                                    g2-medal-best-support-spring-2024

                                    Network Detection and Response

                                    SUPPORT OVERVIEW

                                     

                                    Corelight Bright Ideas Blog

                                    Featured Post

                                    July 2, 2025

                                    Empowering your LLMs: Unlocking cybersecurity queries with Open WebUI knowledge bases

                                    By Keith J. Jones

                                    In the rapidly evolving landscape of large language models (LLMs), the ability to access and synthesize vast amounts of information is paramount. While LLMs excel at generating creative text and understanding complex prompts, their knowledge is often limited to the data used during their training. This is where knowledge bases (a.k.a.... Read more »

                                    Additional Posts

                                    NDR for AWS Well-Architected

                                    By Roger Cheeks – August 5, 2020

                                    Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirror and cloud packet brokers. Corelight extracts... Read more »

                                    Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

                                    By Ben Reardon – July 27, 2020

                                    Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Read more »

                                    Corelight Splunk App update: New dashboard and data

                                    By Roger Cheeks – July 19, 2020

                                    In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and the Corelight Technical Add-on (TA). Both software packages are available on Splunkbase. The... Read more »

                                    Network Security Monitoring data: Types I, II, and III

                                    By Richard Bejtlich – July 7, 2020

                                    Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and analyzed by computer incident response teams (CIRTs) that... Read more »

                                    Ripple20 Zeek package open sourced

                                    By Ben Reardon – June 29, 2020

                                    Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of... Read more »

                                    Zeek & Sigma: Fully compatible for cross-SIEM detections

                                    By Alex Kirk – June 24, 2020

                                    Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset.... Read more »

                                    DNS over TLS and DNS over HTTPS

                                    By Jamie Brim – June 17, 2020

                                    In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). Read more »

                                    Chocolate and peanut butter, Zeek and Suricata

                                    By Brian Dye – June 15, 2020

                                    Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – both technology and workflows. One of the most common has... Read more »

                                    The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection

                                    By Vince Stoffer – June 15, 2020

                                    With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a reminder it’s a collection of security insights around SSL/TLS and SSH... Read more »

                                    Detecting GnuTLS CVE-2020-13777 using Zeek

                                    By Johanna Amann – June 10, 2020

                                    CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt... Read more »

                                    Recent Posts

                                    Rss Square Streamline Icon: https://streamlinehq.com

                                    1080x1080_GartnerReport