Get Started

          We're committed to providing users with access to the richest stream of network detection and response data possible. Discover parsers for new protocols, data analyzers, malware detectors, supporting documentation, and more here.


          Corelight Collections


          Collections of scripts and plug-ins created for Corelight Sensors that detect malicious behaviors and expand on Zeek data.

          • C2 Collection - Detection for over 50 types of command and control activity
          • Encrypted Traffic Collection - Unique insights to investigate encrypted traffic present on most networks
          • Core Collection - Expanded insights for monitoring high-throughput sites for port scanning, cryptomining, and more

          Zeek Open Source Packages



          Query a full list of all Zeek packages:

          Zeek Open Source Enhancements


          Documentation and Guides

          To learn more about Corelight Labs, contact our team.