It's comprehensive.
Corelight data covers dozens of network protocols in granular, actionable detail.
There's no better way to see what's on your network.
Corelight Sensors extract over 400 data elements from network traffic in real time, with open-source Bro - using a format that was chosen by incident responders, for incident responders. When your team can work faster, the network is safer.
Why Corelight?
Corelight provides the network data you need to defend your organization.
Your current network data
- Netflow data is useful but thin.
- Packets were never designed for people to read.
- Solving security incidents requires aggregating data from many sources.
- Different data souces and logs are often in different formats with different time stamps.
- Keeping comprehensive PCAP files is prohibitively expensive.
Corelight network data
- Bro logs provide over 400 fields of data about dozens of protocols.
- Bro logs were designed by incident responders, for incident responders.
- Corelight automatically collects the data you need from the network.
- Corelight data is precisely synchronized and easy to pivot across.
- Corelight data is usually 1/100th the size, or less.
5 ways Corelight data is better.
Understanding exactly why Bro is so much more poweful than what you're using now can be complex. This white paper illustrates five examples that show specifically how and why Corelight lets you resolve issues that can't be resolved using traditional methods like Netflow and PCAP.
Learn more about what makes Corelight data different
It's searchable.
Faster search means that incidents can be resolved more quickly.
Automated file extraction at scale.
Extracting files from network traffic can be a critical tool for network forensics. Open source Bro doesn't support this key capability.
Dynamic Protocol Detection (DPD)
Attackers who try to evade discovery by using non-standard ports will still be detected.
Designed for automated analysis using custom scripting.
Bro is not just an IDS, it's an event-processing engine.