We're committed to providing users with access to the richest stream of network detection and response data possible. Here you can discover parsers for new protocols, data analyzers, malware detectors, supporting documentation, and more.


Corelight Collections


Collections of scripts and plug-ins created for Corelight Sensors that detect malicious behaviors and expand on Zeek data.

  • C2 Collection - Detection for over 50 types of command and control activity
  • Encrypted Traffic Collection - Unique insights to investigate encrypted traffic present on most networks
  • Core Collection - Expanded insights for monitoring high-throughput sites for port scanning, cryptomining, and more

Zeek Open Source Packages


Query a full list of all Zeek packages:


Zeek Open Source Enhancements


Documentation and Guides

To learn more about Corelight Labs, contact our team.