Close your ransomware case with Open NDR
Corelight now powers CrowdStrike solutions and services
Alerts, meet evidence.
5 Ways Corelight Data Helps Investigators Win
10 Considerations for Implementing an XDR Strategy
Don't trust. Verify with evidence
NDR for Dummies
The Power of Open-Source Tools for Network Detection and Response
The Evolving Role of NDR
Detecting 5 Current APTs without heavy lifting
Network Detection and Response
Corelight Investigator furthers its commitment to delivering next-level analytics through the expansion of its machine learning models. Security teams are now enabled with additional supervised and deep learning models, including:
- Malicious File Download
- Social Engineering Domains
- Typosquatting Domains
- Homograph Domains
We continue to provide complete transparency behind our evidence -- showing the logic behind our machine learning models and detections, allowing analysts to quickly and easily validate the alerts.
SOC teams taking an evidence-first approach to threat hunting and incident response understand the importance of evidence quality because it determines their analytic outcomes. Corelight has developed a suite of analytics based on three pillars.
- The best evidence sets the strongest foundation. The best evidence enables the best analytics, accelerates alert investigation, and allows defenders to investigate attacks spanning today, yesterday and tomorrow using retrospective analysis, forensics, and threat hunting.
- Analytics need the right tool for the job - there is no silver bullet. Machine learning, queries, behavioral detection, threat intelligence and traditional IDS signatures are each useful for different attack activity. We leverage them together for the most accurate analytics, broadest toolset consolidation and most effective alert aggregation.
- Threat hunting is core to modern detection. Threat hunting requires unfettered access to evidence and can drive new detections and broader analytics coverage. In addition, hunting also reveals operational issues and accelerates routine incident response by understanding what “normal” is in the environment.
Investigator combines machine learning, threat intel, behavioral analysis, continuous community detections from Suricata, Zeek, and Sigma, and new analytics from the Corelight Labs team to deliver the most effective alert aggregation and toolset and dataset consolidation.
Not to be missed, we are happy to announce that we have completed attestation for GDPR – enabling us to extend the power of Investigator to the European market. Corelight customers and prospects can contact sales directly for pricing information or reach out to their preferred Corelight reseller in Europe.
To learn more about our evidence-first approach and how Investigator enables teams to upskill their analysts and improve SOC performance metrics, contact us today to get a demo and learn how to get a trial.