
Corelight Investigator introduces new Machine Learning Models

Corelight Investigator furthers its commitment to delivering next-level analytics through the expansion of its machine learning models. Security teams now have access to additional supervised and deep learning models, including:

  • Malicious File Download
  • Social Engineering Domains
  • Typosquatting Domains
  • Homograph Domains
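As an added illustration of the kind of logic that typosquatting and homograph domain detections rely on: this is example code written for this page, not Corelight's models, and the watchlist, the confusable table, the sample query names and every function name are constructed assumptions. It folds look-alike characters to a skeleton, checks labels for mixed Unicode scripts, and measures edit distance against a watchlist, then runs those checks over a handful of constructed DNS query names.

```python
"""Typosquat / homograph checks over constructed DNS query names (added example)."""
import unicodedata

# Constructed watchlist of brand domains to protect (assumption for this example).
WATCHLIST = {"corelight.com", "example.com"}

# Constructed confusable map: Cyrillic letters that render like Latin ones.
# A production detector would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two labels; catches one-keystroke typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels, e.g. news.example.com -> example.com.
    Naive on purpose; a real implementation consults the public-suffix list."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def scripts(label: str) -> set:
    """Unicode script names (LATIN, CYRILLIC, ...) used by the letters of a label."""
    found = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue
        found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def skeleton(label: str) -> str:
    """Fold confusable characters to their Latin look-alikes."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def classify(query: str) -> str:
    """Verdict for one query name: watchlist, homograph, typosquat or unflagged."""
    dom = registrable(query)
    if dom in WATCHLIST:
        return "watchlist"
    label = dom.split(".")[0]
    # Mixed scripts inside one label, or a skeleton equal to a protected brand.
    if len(scripts(label)) > 1 or skeleton(dom) in WATCHLIST:
        return "homograph"
    for brand in WATCHLIST:
        brand_label = brand.split(".")[0]
        if brand_label != label and levenshtein(label, brand_label) <= 1:
            return "typosquat"
    return "unflagged"


# Constructed sample of query names as a DNS log might carry them; the Unicode
# form is shown here, on the wire the homograph would appear as a punycode label.
SAMPLE_QUERIES = [
    "corelight.com",
    "corelght.com",
    "c\u043erelight.com",   # Cyrillic small letter o in place of Latin o
    "news.example.com",
    "examp1e.com",
    "unrelated-site.org",
]


def scan(queries=SAMPLE_QUERIES) -> dict:
    """Map each query name to its verdict; only flagged entries need analyst review."""
    return {q: classify(q) for q in queries}


if __name__ == "__main__":
    for q, verdict in scan().items():
        print(f"{verdict:10} {q}")
```

The point of surfacing the skeleton, the script set and the edit distance alongside the verdict is that an analyst can confirm in seconds why a name was flagged, which is the transparency property the announcement describes for its models.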

We continue to provide complete transparency behind our evidence -- showing the logic behind our machine learning models and detections, allowing analysts to quickly and easily validate the alerts. 

Corelight Investigator ML Transparency

SOC teams taking an evidence-first approach to threat hunting and incident response understand the importance of evidence quality because it determines their analytic outcomes. Corelight has developed a suite of analytics based on three pillars. 

  1. The best evidence sets the strongest foundation. The best evidence enables the best analytics, accelerates alert investigation, and allows defenders to investigate attacks spanning today, yesterday and tomorrow using retrospective analysis, forensics, and threat hunting.
  2. Analytics need the right tool for the job - there is no silver bullet. Machine learning, queries, behavioral detection, threat intelligence and traditional IDS signatures are each useful for different attack activity. We leverage them together for the most accurate analytics, broadest toolset consolidation and most effective alert aggregation.
  3. Threat hunting is core to modern detection. Threat hunting requires unfettered access to evidence and can drive new detections and broader analytics coverage. Hunting also reveals operational issues and accelerates routine incident response by establishing what “normal” looks like in the environment.

Investigator combines machine learning, threat intel, behavioral analysis, continuous community detections from Suricata, Zeek, and Sigma, and new analytics from the Corelight Labs team to deliver the most effective alert aggregation and toolset and dataset consolidation. 

Not to be missed, we are happy to announce that we have completed attestation for GDPR – enabling us to extend the power of Investigator to the European market. Corelight customers and prospects can contact sales directly for pricing information or reach out to their preferred Corelight reseller in Europe.

To learn more about our evidence-first approach and how Investigator enables teams to upskill their analysts and improve SOC performance metrics, contact us today to get a demo and learn how to get a trial. 
