Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Corelight Investigator introduces new Machine Learning Models

Written by Sara Shuman | Jan 31, 2023 4:33:00 PM

Corelight Investigator furthers its commitment to delivering next-level analytics through the expansion of its machine learning models. Security teams now have access to additional supervised and deep learning models, including:

  • Malicious File Download
  • Social Engineering Domains
  • Typosquatting Domains
  • Homograph Domains

We continue to provide complete transparency behind our evidence, showing the logic behind our machine learning models and detections so that analysts can quickly and easily validate the alerts.

SOC teams taking an evidence-first approach to threat hunting and incident response understand the importance of evidence quality because it determines their analytic outcomes. Corelight has developed a suite of analytics based on three pillars.

  1. The best evidence sets the strongest foundation. The best evidence enables the best analytics, accelerates alert investigation, and allows defenders to investigate attacks spanning today, yesterday and tomorrow using retrospective analysis, forensics, and threat hunting.
  2. Analytics need the right tool for the job - there is no silver bullet. Machine learning, queries, behavioral detection, threat intelligence and traditional IDS signatures are each useful for different attack activity. We leverage them together for the most accurate analytics, broadest toolset consolidation and most effective alert aggregation.
  3. Threat hunting is core to modern detection. Threat hunting requires unfettered access to evidence and can drive new detections and broader analytics coverage. Hunting also reveals operational issues and accelerates routine incident response by establishing what “normal” looks like in the environment.

Investigator combines machine learning, threat intel, behavioral analysis, continuous community detections from Suricata, Zeek, and Sigma, and new analytics from the Corelight Labs team to deliver the most effective alert aggregation and toolset and dataset consolidation.

Not to be missed, we are happy to announce that we have completed attestation for GDPR – enabling us to extend the power of Investigator to the European market. Corelight customers and prospects can contact sales directly for pricing information or reach out to their preferred Corelight reseller in Europe.

To learn more about our evidence-first approach and how Investigator enables teams to upskill their analysts and improve SOC performance metrics, contact us today to get a demo and learn how to get a trial.