Corelight named as a Leader in Forrester Wave™: Network Analysis and Visibility Solutions, Q4 2025

GET THE REPORT

Corelight Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response

GET THE REPORT
CONTACT US
CONTACT US

START HERE

Why Open NDR

 

WHY CORELIGHT

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

    SOLUTIONS

    Cloud security

    Encrypted traffic

    Federal

    Financial services

    Ransomware

    Threat hunting

     

    CORELIGHT LABS

    Recent research

    Mission and team

    Polaris program

      STRATEGIC PARTNERS

      Overview

      CrowdStrike

      Google Cloud

      Microsoft

      Splunk

      Elastic
        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        Detect and disrupt evasive threats with high-fidelity, multi-layered detection.

        SEE HOW

        OVERVIEW

        Open NDR Platform

        Threat detection

        MITRE ATT&CK®

         

        PLATFORM CAPABILITIES

        AI-powered SOC

        Triage with Investigator

        Network Monitoring with Zeek®

        Intrusion Detection with Suricata®

        Static File Analysis with YARA

        Forensics with Smart PCAP

          SENSORS

          Appliances

          Cloud

          Flow

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Google Cloud

            Microsoft

            Splunk

            Elastic

            View all

             

            USE CASES

            Case Studies

            View all
              volt-typhoon-warning

              Detect advanced attacks with Corelight

              SEE HOW

              TECHNOLOGY INTEGRATIONS

              Partner ecosystem

              Technology partners directory

               

                FOR PARTNERS

                Deal registration

                Become a Channel Partner

                Channel Academy sign up

                Technical Alliance Academy sign up
                  cloud-network

                  Corelight announces cloud enrichment for AWS, GCP, and Azure

                  READ MORE

                  partner-icon-green

                  Corelight's partner program

                  BECOME A PARTNER

                  BLOG

                  Read the latest

                   

                  EVENTS

                  Meet with us

                   

                  RESOURCE CENTER

                  Document Library

                    GLOSSARY

                    NDR (Network Detection & Response)

                    NDR vs. XDR vs. EDR

                    Cloud Security Solutions

                    Intrusion Detection System (IDS)

                    Packet Capture (PCAP)

                    Signature-Based Detection

                    IDS False Positive

                    View all glossary
                        glossary-icon

                        10 Considerations for Implementing an XDR Strategy

                        READ NOW

                        ad-images-nav_0006_Blog

                        Don't trust. Verify with evidence

                        READ BLOG

                        ABOUT US

                        About Corelight

                        Leadership

                        Investors

                          JOIN US

                          Careers

                          Current openings

                            NEWS & EVENTS

                            Newsroom

                            Media coverage

                            Events
                              corelight named a leader image

                              2025 Gartner® Magic Quadrant for NDR

                              GET THE REPORT

                              SUPPORT SERVICES

                              Open a ticket

                              Account login

                              Technical bulletins

                              Report a security vulnerability

                                WORLD-CLASS SUPPORT

                                Support overview
                                    ad-images-nav_0006_Blog

                                    Detecting 5 Current APTs without heavy lifting

                                    READ BLOG

                                    g2-medal-best-support-spring-2024

                                    Network Detection and Response

                                    SUPPORT OVERVIEW

                                     

                                    Corelight Bright Ideas Blog

                                    Featured Post

                                    October 28, 2025

                                    No PoCs? No problem. How to hunt for F5 exploitation even when details are sparse

                                    By David Burkett

                                    Endpoint detection and response (EDR) tools, and the analysts using them, have become incredibly effective. They have become so good, in fact, that we're now seeing a clear shift in adversary behavior: attackers are being pushed off the endpoint and onto places where EDR cannot run. This isn't just a theory. As I was writing a separate blog about... Read more »

                                    Additional Posts

                                    Carrefour Enhances Cybersecurity With Corelight

                                    By Youssef Agharmine – September 11, 2024

                                    In the fast-paced world of retail, implementing robust cybersecurity measures is not just a necessity but a critical element of operational success. Carrefour, one of the world’s largest retail groups, faced the daunting challenge of securing its... Read more »

                                    Detecting Abuse of NetSupport Manager

                                    By Tillson Galloway – September 11, 2024

                                    Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

                                    Unparalleled Visibility and Threat Detection for SSE Environments

                                    By Ed Smith – September 10, 2024

                                    As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security... Read more »

                                    A few notes from a CISA anger translator

                                    By Brian Dye – August 8, 2024

                                    My weekly dose of Risky.biz led me to CISA’s advisory on SILENTSHIELD, which described their months-long red team exercise and resulting remediation at a federal agency. My browser backlog happened to have their APT40 advisory from just a few days... Read more »

                                    Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

                                    By Todd Morneau – August 6, 2024

                                    This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with... Read more »

                                    Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends

                                    By Allen Marin – July 18, 2024

                                    In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and... Read more »

                                    Corelight recognized for SaaS and Cloud Identity Applications Security in the Gartner Competitive Landscape Report*

                                    By Alyssa Ideboen – July 18, 2024

                                    The cybersecurity landscape is evolving, and Network Detection and Response (NDR) solutions are becoming indispensable for consistent visibility across an increasing attack surface. In the Competitive Landscape for NDR research, Gartner® claims that... Read more »

                                    Black Hat NOC: Zero Trust…but Verify | Corelight

                                    By Mark Overholser – July 8, 2024

                                    Zero Trust…but Verify The Black Hat network is unlike an enterprise network. The network operations center (NOC), which Corelight helps to operate, sees traffic that would never be permissible on most enterprise networks. Still, in many ways the... Read more »

                                    Detecting The Agent Tesla Malware Family

                                    By Keith J. Jones – July 2, 2024

                                    Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple... Read more »

                                    Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

                                    By Allen Marin – June 26, 2024

                                    Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Read more »

                                    Recent Posts

                                    Rss Square Streamline Icon: https://streamlinehq.com

                                    1080x1080_GartnerReport