There's no better way to see what's on your network.

Corelight Sensors extract over 400 data elements from network traffic in real time using open-source Bro, in a format that was chosen by incident responders, for incident responders. When your team can work faster, the network is safer.

Download Bro Logs: a selection

Bro provides deep, detailed data about network traffic applicable to a wide range of security challenges. So why do people use Bro?

Faster, more accurate incident response.

Reduce incident response time by up to 20x

The time it takes your operations team to find and resolve a security incident is critical. Bro provides unparalleled data that helps your team get to the truth faster. Without Bro data, you and your team are working in the dark.

Filter out false positives more quickly

Corelight Sensors provide over 400 fields of data automatically extracted from your network flows, and transformed into structured logs designed by incident responders for incident responders. It's that data that lets incident responders quickly tell real threats from false alarms, and that means a faster, more effective security team.

Diagnose attacks, understand context faster

Corelight provides the context for threats and attacks, in the tools you already know and love. Whether you use Splunk, Elastic, ArcSight, QRadar or virtually any other analytics stack, it will be more powerful and effective if Corelight is fueling it with the right data.

More effective threat hunting

Expand threat hunting capabilities

Use Corelight to manually identify interesting or risky IOCs, and then pivot quickly to the corresponding PCAP files for deeper investigation.

Generate and aggregate indicators of compromise

Integrate data from selected logs (IP and DNS) with the AlphaSOC threat intelligence tool to flag suspicious / malicious IPs. Use the logs to aggregate and show the rare certificates used in your environment.

Proactively hunt for threats like ransomware

Use SMB (Windows) logs and file analyzers to monitor files being read that have low entropy, and are later rewritten at higher entropy. That pattern could be a signal that ransomware is encrypting files on a network file share.
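The read-low, rewrite-high pattern described above can be expressed as a small detection routine. This is an added example, not Corelight or Bro code: the record layout `(timestamp, client, path, action, entropy)`, the thresholds and the sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_suspect_rewrites(events, low=6.0, high=7.5, min_files=2):
    """Map client -> files it read at <= low entropy and later wrote at
    >= high entropy, keeping clients with at least min_files such files."""
    last_read = {}   # (client, path) -> entropy seen on the latest read
    hits = {}        # client -> ordered list of rewritten paths
    for _ts, client, path, action, entropy in sorted(events):
        key = (client, path)
        if action == "read":
            last_read[key] = entropy
        elif action == "write" and key in last_read:
            if last_read[key] <= low and entropy >= high:
                paths = hits.setdefault(client, [])
                if path not in paths:
                    paths.append(path)
    return {c: p for c, p in hits.items() if len(p) >= min_files}

# Constructed sample data (not real Bro output): plain text versus a SHA-256
# keystream standing in for encrypted file content.
PLAIN = shannon_entropy(b"quarterly report draft\n" * 200)
CIPHER = shannon_entropy(
    b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)))

# Hypothetical record layout: (timestamp, client, path, action, entropy)
SAMPLE_EVENTS = [
    (1, "10.0.0.5", "finance/q1.csv", "read", PLAIN),
    (2, "10.0.0.5", "finance/q1.csv", "write", CIPHER),
    (3, "10.0.0.5", "finance/q2.csv", "read", PLAIN),
    (4, "10.0.0.5", "finance/q2.csv", "write", CIPHER),
    (5, "10.0.0.9", "hr/notes.txt", "read", PLAIN),     # ordinary edit
    (6, "10.0.0.9", "hr/notes.txt", "write", PLAIN),
    (7, "10.0.0.7", "eng/build.log", "read", PLAIN),    # single file only
    (8, "10.0.0.7", "eng/build.log", "write", CIPHER),
]

if __name__ == "__main__":
    print(find_suspect_rewrites(SAMPLE_EVENTS))
```

Requiring several rewritten files per client keeps a single compressed or encrypted save from raising an alert; tune `min_files` and the thresholds to the file types on the share.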

Getting to the truth faster

Diagnose a load balancer problem

Use data from Corelight Sensors to prove a commercial load balancer is having a problem that can’t be replicated in the lab.

Gain insight into rogue application deployment

Quickly identify when new internal applications are introduced and used in your environment, even in different business units. Knowing what's running helps you manage security risk more effectively.
