Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

GET THE REPORT

Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

GET THE REPORT
CONTACT US
CONTACT US

START HERE

Why Open NDR

 

WHY CORELIGHT

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

    SOLUTIONS

    Cloud security

    Encrypted traffic

    Federal

    Financial services

    Ransomware

    Threat hunting

     

    CORELIGHT LABS

    Recent research

    Mission and team

    Polaris program

      STRATEGIC PARTNERS

      Overview

      CrowdStrike

      Google Cloud

      Microsoft

      Splunk

      Elastic
        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        SEE HOW

        OVERVIEW

        Open NDR Platform

        Threat detection

        MITRE ATT&CK®

         

        PLATFORM CAPABILITIES

        Triage with Investigator

        Network Monitoring with Zeek®

        Intrusion Detection with Suricata®

        Static File Analysis with YARA

        Forensics with Smart PCAP

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Google Cloud

            Microsoft

            Splunk

            Elastic

            View all

             

            USE CASES

            Case Studies

            View all
              volt-typhoon-warning

              Detect advanced attacks with Corelight

              SEE HOW

              TECHNOLOGY INTEGRATIONS

              Partner ecosystem

              Technology partners directory

               

                FOR PARTNERS

                Deal registration

                Become a Channel Partner

                Partner Academy sign up

                Alliance Academy sign up
                  cloud-network

                  Corelight announces cloud enrichment for AWS, GCP, and Azure

                  READ MORE

                  partner-icon-green

                  Corelight's partner program

                  BECOME A PARTNER

                  BLOG

                  Read the latest

                   

                  EVENTS

                  Meet with us

                   

                  RESOURCE CENTER

                  Document Library

                    GLOSSARY

                    NDR (Network Detection & Response)

                    NDR vs. XDR vs. EDR

                    Cloud Security Solutions

                    Intrusion Detection System (IDS)

                    Packet Capture (PCAP)

                    Signature-Based Detection

                    IDS False Positive

                    View all glossary
                        glossary-icon

                        10 Considerations for Implementing an XDR Strategy

                        READ NOW

                        ad-images-nav_0006_Blog

                        Don't trust. Verify with evidence

                        READ BLOG

                        ABOUT US

                        About Corelight

                        Leadership

                        Investors

                          JOIN US

                          Careers

                          Current openings

                            NEWS & EVENTS

                            Newsroom

                            Media coverage

                            Events
                              corelight named a leader image

                              2025 Gartner® Magic Quadrant for NDR

                              GET THE REPORT

                              SUPPORT SERVICES

                              Open a ticket

                              Account login

                              Technical bulletins

                              Report a security vulnerability

                                WORLD-CLASS SUPPORT

                                Support overview
                                    ad-images-nav_0006_Blog

                                    Detecting 5 Current APTs without heavy lifting

                                    READ BLOG

                                    g2-medal-best-support-spring-2024

                                    Network Detection and Response

                                    SUPPORT OVERVIEW

                                     

                                    Corelight Bright Ideas Blog

                                    Featured Post

                                    July 31, 2025

                                    Corelight announces industry's first MCP server exposing detailed network data and alerts

                                    By Ashish Malpani

                                    Corelight’s GenAI Accelerator Pack features the industry's first Model Context Protocol (MCP) server, specifically designed to facilitate easier access to detailed network data and alerts for cybersecurity AI agents and enhance the analysis of network security information. Read more »

                                    Additional Posts

                                    No tap? No problem!

                                    By Richard Bejtlich – October 21, 2019

                                    Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »

                                    Using Corelight to monitor and identify exploited VPNs

                                    By Richard Bejtlich – October 1, 2019

                                    Network and security infrastructure, such as routers, switches, firewalls, virtual private network concentrators, and other equipment, are designed to provide a stable and secure communications experience for client and server computers and their... Read more »

                                    The sun sets on TLS 1.0

                                    By Johanna Amann – September 15, 2019

                                    Editor’s note: This post is the result of the author’s work at the International Computer Science Institute where she works as a senior researcher. Read more »

                                    An attack or just a game? Corelight can help you tell the difference quickly

                                    By Richard Bejtlich – September 11, 2019

                                    When we think about using Corelight data, our mental models often fixate on finding evidence of suspicious and malicious activity. This makes sense, as network security monitoring data generated by Corelight and Zeek combines the granularity of... Read more »

                                    A conversation with GE’s former CIO on three keys to CIRT success

                                    By Richard Bejtlich – August 21, 2019

                                    Earlier this month during Black Hat I had the good fortune to speak with Gary Reiner, a business leader for whom I have an immense amount of respect. Gary was the chief information officer (CIO) at General Electric (GE) for 20 years, and as such he... Read more »

                                    Don’t delay – Corelight today!

                                    By Richard Bejtlich – July 31, 2019

                                    Introduction Recently I heard that a company interested in Corelight was considering delaying their evaluation because of questions about SIEM technology. They currently have two SIEMs and are evaluating a third, possibly to replace the first two.... Read more »

                                    What did I just see? Detection, inference, and identification

                                    By Richard Bejtlich – July 29, 2019

                                    In the course of my network security monitoring work at Corelight, I’ve encountered the terms detection, inference, and identification. In this post I will examine what these terms mean, and how they can help you describe the work you do when... Read more »

                                    Profiling Whonix

                                    By Richard Bejtlich – July 17, 2019

                                    Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize... Read more »

                                    Bring Network Security Monitoring to the cloud with Corelight and Amazon VPC Traffic Mirroring

                                    By John Gamble – June 24, 2019

                                    Corelight Sensors transform network traffic into comprehensive logs, extracted files, and custom insights via Zeek, a powerful, open-source network security monitoring framework used by thousands of organizations worldwide to accelerate incident... Read more »

                                    Hello, my name is??

                                    By Vince Stoffer – June 10, 2019

                                    Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

                                    Recent Posts

                                    Rss Square Streamline Icon: https://streamlinehq.com

                                    1080x1080_GartnerReport