Corelight named as a Leader in Forrester Wave™: Network Analysis and Visibility Solutions, Q4 2025

GET THE REPORT

Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

GET THE REPORT
CONTACT US
CONTACT US

START HERE

Why Open NDR

 

WHY CORELIGHT

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

    SOLUTIONS

    Cloud security

    Encrypted traffic

    Federal

    Financial services

    Ransomware

    Threat hunting

     

    CORELIGHT LABS

    Recent research

    Mission and team

    Polaris program

      STRATEGIC PARTNERS

      Overview

      CrowdStrike

      Google Cloud

      Microsoft

      Splunk

      Elastic
        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        SEE HOW

        OVERVIEW

        Open NDR Platform

        Threat detection

        MITRE ATT&CK®

         

        PLATFORM CAPABILITIES

        AI-powered SOC

        Triage with Investigator

        Network Monitoring with Zeek®

        Intrusion Detection with Suricata®

        Static File Analysis with YARA

        Forensics with Smart PCAP

          SENSORS

          Appliances

          Cloud

          Flow

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Google Cloud

            Microsoft

            Splunk

            Elastic

            View all

             

            USE CASES

            Case Studies

            View all
              volt-typhoon-warning

              Detect advanced attacks with Corelight

              SEE HOW

              TECHNOLOGY INTEGRATIONS

              Partner ecosystem

              Technology partners directory

               

                FOR PARTNERS

                Deal registration

                Become a Channel Partner

                Channel Academy sign up

                Technical Alliance Academy sign up
                  cloud-network

                  Corelight announces cloud enrichment for AWS, GCP, and Azure

                  READ MORE

                  partner-icon-green

                  Corelight's partner program

                  BECOME A PARTNER

                  BLOG

                  Read the latest

                   

                  EVENTS

                  Meet with us

                   

                  RESOURCE CENTER

                  Document Library

                    GLOSSARY

                    NDR (Network Detection & Response)

                    NDR vs. XDR vs. EDR

                    Cloud Security Solutions

                    Intrusion Detection System (IDS)

                    Packet Capture (PCAP)

                    Signature-Based Detection

                    IDS False Positive

                    View all glossary
                        glossary-icon

                        10 Considerations for Implementing an XDR Strategy

                        READ NOW

                        ad-images-nav_0006_Blog

                        Don't trust. Verify with evidence

                        READ BLOG

                        ABOUT US

                        About Corelight

                        Leadership

                        Investors

                          JOIN US

                          Careers

                          Current openings

                            NEWS & EVENTS

                            Newsroom

                            Media coverage

                            Events
                              corelight named a leader image

                              2025 Gartner® Magic Quadrant for NDR

                              GET THE REPORT

                              SUPPORT SERVICES

                              Open a ticket

                              Account login

                              Technical bulletins

                              Report a security vulnerability

                                WORLD-CLASS SUPPORT

                                Support overview
                                    ad-images-nav_0006_Blog

                                    Detecting 5 Current APTs without heavy lifting

                                    READ BLOG

                                    g2-medal-best-support-spring-2024

                                    Network Detection and Response

                                    SUPPORT OVERVIEW

                                     

                                    Corelight Bright Ideas Blog

                                    Featured Post

                                    October 20, 2025

                                    Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

                                    By David Burkett

                                    How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of... Read more »

                                    Additional Posts

                                    12 talks to see at RSA 2020

                                    By Richard Bejtlich – February 9, 2020

                                    RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

                                    Corelight ECS mapping: Unified Zeek data for more efficient analytics

                                    By Ed Smith – January 27, 2020

                                    In addition to other great news we’ve recently shared, I’m pleased to announce that Corelight sensors now support the Elastic Common Schema (ECS) via our Corelight ECS Mapping. Read more »

                                    Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

                                    By Richard Bejtlich – January 16, 2020

                                    On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

                                    Finding truth in the cloud: Google Cloud Packet Mirroring and Corelight Network Traffic Analysis

                                    By Vijit Nair – December 9, 2019

                                    “Remember, all I’m offering is the truth” – Morpheus, from the movie Matrix (1999) Read more »

                                    Detecting OpenBSD CVE-2019-19521 SSH exploit attempts

                                    By Anthony Kasza – December 5, 2019

                                    On December 4, Qualys released a security advisory for an authentication bypass vulnerability in OpenBSD, CVE-2019-19521. The vulnerability affects multiple services in OpenBSD including smtpd, sshd, ldapd, and radiusd. This immediately caught our... Read more »

                                    Light in the darkness: New Corelight Encrypted Traffic Collection

                                    By Vince Stoffer – November 19, 2019

                                    This week’s launch of version 18 of our software features the Encrypted Traffic Collection, our first collection of a series of detections and data enrichments created by the Corelight research team. This collection focuses on SSH, SSL/TLS... Read more »

                                    New Corelight app for Splunk: Making network-based threat hunting easier

                                    By Ed Smith – November 18, 2019

                                    Want to use Zeek (formerly Bro) network data in Splunk ES, but don’t know how to start or where to look? Read more »

                                    Introducing the Corelight SSH Inference package

                                    By Anthony Kasza – November 18, 2019

                                    Corelight has recently released a new package, focusing on SSH inferences, as part of our Encrypted Traffic Collection. The package installs on sensors with a few clicks and provides network traffic analysis (NTA) inferences on live SSH traffic.... Read more »

                                    A network engineer in a Zeek Week world

                                    By Sarah Banks – November 4, 2019

                                    With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek... Read more »

                                    No tap? No problem!

                                    By Richard Bejtlich – October 21, 2019

                                    Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »

                                    Recent Posts

                                    Rss Square Streamline Icon: https://streamlinehq.com

                                    1080x1080_GartnerReport