Technology Partners




Corelight App for Splunk®

Enable incident responders and threat hunters who use Splunk to work faster and more effectively. Check out the Corelight App for Splunk—pre-configured dashboards to get you up and running with Zeek® logs quickly.


Elastic Common Schema (ECS)

Using the Corelight ECS Mapping streamlines the implementation of automated analysis methods on Zeek logs, including machine learning-based anomaly detection and alerting.


Corelight packages for Falcon LogScale

Get up and running quickly with overview dashboards and a threat hunting package with 60 MITRE ATT&CK®-mapped saved searches for Corelight data pre-built in LogScale.

Tenable for Corelight Suricata

Help SOCs prioritize which events to respond to first. The integration loads vulnerabilities with CVEs via the Corelight input framework, flagging Suricata IDS alerts to show where the system under attack is known to be vulnerable. (Customer login required).

Our Partners

Corelight Sensors integrate easily into your existing security infrastructure. They deploy out-of-path and send Zeek logs directly to your analytics stack, whichever one you prefer. Interested in working with Corelight? Learn more


  • Active Countermeasures offers AI-Hunter, a network threat hunting solution that analyzes network traffic to detect which internal systems have been compromised.


  • AlphaSOC provides deep analysis and alerting of suspicious events, identifying gaps in your security controls and highlighting targeted attacks.

  • If you're an AWS shop you can send Zeek data directly into S3 for storage or later analysis. And Corelight offers an AWS-deployable version of our sensor.

  • Apcon provides valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments, inspiring confidence through APCON’s exceptional product quality and responsive customer service.

  • Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.

  • Axellio’s innovative network intelligence platform PacketXpress®️ provides a high-speed, application-agnostic, open platform for packet capture, storage, analysis, and distribution in an extremely small footprint.

  • Confluent creates an Apache Kafka-based streaming platform to unite your organization around a single source of truth.

  • cPacket builds ultra-high performance packet brokers based on custom hardware for the most demanding environments.

  • With Cribl LogStream, Corelight customers can reduce data volume while preserving insights and replay Corelight data ad hoc or on a schedule to your logging solution or SIEM of choice.

  • SOCs and Incident Responders who are joint customers of CrowdStrike and Corelight will receive high-signal alerting through automated, regular updating of their Corelight Sensors with Suricata rules and IOCs from CrowdStrike.


  • Founded by the team who originally created Apache Spark™, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of business to build data products.

  • Devo Security Operations reinvents the SIEM, empowering analysts to focus on the threats that matter most to the business. It puts the right alerts, data, context and intelligence at the fingertips of analysts across the entire threat lifecycle.


  • Elastic can reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time. Corelight supports integration into Logstash or Elasticsearch directly.


  • Endace Probes record 100% accurate Network History to solve Cybersecurity, Network and Application issues. Bring clarity to every incident, alert or issue with an open packet capture platform that integrates with all your commercial, open source or custom-built tools.


  • Exabeam delivers next-generation security management technology that enables organizations to protect their most valuable information.


  • FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting.


  • Garland Technology is an industry leader delivering network products and solutions for enterprise, service providers, and government agencies worldwide. Since 2011, Garland Technology has developed the industry’s most reliable test access points (TAPs), enabling data centers to address IT challenges and gain complete network visibility.


  • Gigamon is a powerful packet broker platform powering the security of many enterprises, and a popular choice for Corelight customers.

  • Google Cloud provides organizations with leading infrastructure, platform capabilities and industry solutions, along with expertise, to reinvent their business with data-powered innovation on modern computing infrastructure. Chronicle Security Operations is a modern, cloud-native SecOps platform that empowers security teams to better defend against today’s and tomorrow’s threats.


  • Humio makes large scale log ingestion and analysis simple and economical.


  • Keysight provides testing, visibility, and security solutions, strengthening applications across physical and virtual networks for enterprises, service providers, and network equipment manufacturers.


  • Since 2004, Mandiant has been a trusted partner to security-conscious organizations. The Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions.

  • The McAfee approach to providing orchestrated security has become the de facto standard for enterprise security, with solutions to protect the entire infrastructure: endpoints, network, web, mobile and embedded devices, and cloud.

  • Microsoft customers can benefit from Corelight's integration with Defender for IoT, the Corelight for Microsoft Sentinel app and the Virtual Sensor for HyperV.

  • Today, we are an interdependent team with strong backgrounds in cybersecurity and networking. Our mission is to provide visibility into network traffic as our customers transition to higher speeds and new architectures, and to eliminate the compromise between privacy and security along their journey. We build lasting relationships with our valued customers and partners, and deliver innovative encryption software and products.

  • Cortex, by Palo Alto Networks, is a comprehensive product suite for security operations empowering enterprises with the best-in-class detection, investigation, automation and response capabilities.

  • Through its Titanium Platform, ReversingLabs delivers automated static analysis and file reputation services that represent the fastest and most accurate insights in the industry, finding the hidden objects that are armed to destroy enterprise business value.


  • Secureworks is a global cybersecurity leader that protects customer progress with Secureworks Taegis, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

  • Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.


  • Analysts using Corelight's Open NDR platform can send specified detections to ServiceNow, enabling efficient case management for in-depth analysis.

  • SOC Prime operates the world’s largest and most advanced platform for collective cyber defense. Powered by Sigma language and MITRE ATT&CK®️, SOC Prime's Detection as Code platform enables intelligence-driven threat detection and hunting capabilities, cost-efficient threat investigation, and direct access to detection content for critical threats in <24 hours.


  • Splunk takes your machine data and makes sense of it, and that can include Zeek logs. Better data will make your Splunk users more effective at incident response and threat hunting.


  • Stellar Cyber's Open XDR, the Everything Detection and Response platform, correlates data from all your existing security tools with hundreds of technology integrations as well as from its own functions.

  • The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights within seconds.

  • ThreatQ by ThreatQuotient is an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management.

  • Zuul protects connected operational technology (OT) in critical industries such as transportation, building automation and industrial control systems from cyber attacks. Zuul’s approach to securing OT technology at scale minimizes the risks associated with digital transformation and the proliferation of connected OT devices.

Close the case on ransomware

In high stakes ransomware investigations, many security teams are unable to answer key questions and default to worst-case assumptions. With complete visibility from Corelight, teams can avoid costly overreactions. One customer, when confronted with a $10 million ransomware demand, used Corelight to prove the exfiltrated data being held for ransom had no real value while providing legal aircover for refusing to pay the ransom.


