Meet the connection.log
Like Netflow, on steroids. The master connection record with a UID so you can pivot effortlessly across all protocol activity associated with a given connection.
Why Corelight
Corelight’s network data makes your SOC more efficient and powerful.
Zeek vs. the other data
- Netflow data is useful but thin.
- Packets were never designed for people to read.
- Solving security incidents requires aggregating data from many sources.
- Network performance management (NPM) data wasn’t built for security teams.
- Different data souces and logs are often in different formats with different time stamps.
- PCAP files are too large to store beyond a few days or weeks.
Corelight vs. OS Zeek
- Zeek / Bro logs provide over 400 fields of data about dozens of protocols.
- Zeek / Bro logs are designed for security analysts and fast search.
- Corelight automatically collects the data you need from the network.
- Corelight data is precisely time-stamped and interlinked for easy, fast pivots.
- Corelight logs are 1/100th PCAP’s size and can be stored for years.
5 ways Corelight data is better.
Understanding exactly why Zeek / Bro is so much more poweful than what you're using now can be complex. This white paper illustrates five examples that show specifically how and why Corelight lets you resolve issues that can't be resolved using traditional methods like Netflow and PCAP.
Learn about Corelight’s powerful network logs.
Meet the dns.log
You wish your DNS server records gave you this much detail. The full five tuple and DNS query? They’re included in Corelight’s DNS log, along with many more useful DNS fields for security operations.
Meet the SSL.log
Think encrypted traffic yields no secrets? False. Corelight’s encrypted traffic parsing capabilities allow you to fingerprint SSL connections for blacklisting and whitelisting, discover self-signed and expired certificates, and much more.
Meet the files.log
Every file that crosses the network gets its own log. File type doesn’t match the MIME type? You’ll see that in this log. Hashes for malware lookups? They’re included too. Corelight can also reassemble and extract all files that cross the network for additional downstream analysis.
Meet the software.log
See every unique piece of software used by a client or server on your network. Track BYO software use and outdated software versions to assist your vulnerability management program.