          Technology Partners

          Technology Partner Apps

          Corelight Splunk® App

          Check out the Corelight Splunk® App, which provides pre-configured dashboards to get you up and running with Zeek logs quickly. Once you’re familiar with Zeek data, you can customize them.

          Corelight Elastic Connector

          If you’re an Elastic Stack user, you can export Zeek logs into Logstash, or with the Corelight Connector you can ingest them directly into Elasticsearch.


          Technology Partners

          Corelight Sensors integrate easily into your existing security infrastructure. They deploy out-of-path and send Zeek logs directly to your analytics stack, whichever one you prefer.

          • Active Countermeasures offers AI-Hunter, a network threat hunting solution that analyzes network traffic to detect which internal systems have been compromised.

          • AlphaSOC provides deep analysis and alerting of suspicious events, identifying gaps in your security controls and highlighting targeted attacks.

          • If you're an AWS shop you can send Zeek data directly into S3 for storage or later analysis. And Corelight offers an AWS-deployable version of our sensor.

          • Apcon provides valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments, inspiring confidence through APCON’s exceptional product quality and responsive customer service.

          • Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.

          • Chronicle applies planet-scale computing and analytics to security operations, providing the tools teams need to secure their networks and their customers’ data.

          • Confluent creates an Apache Kafka-based streaming platform to unite your organization around a single source of truth.

          • cPacket builds ultra-high performance packet brokers based on custom hardware for the most demanding environments.

          • SOCs and Incident Responders who are joint customers of CrowdStrike and Corelight will receive high-signal alerting through automated, regular updating of their Corelight Sensors with Suricata rules and IOCs from CrowdStrike.

          • Founded by the team who originally created Apache Spark™, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of business to build data products.

          • Devo Security Operations reinvents the SIEM, empowering analysts to focus on the threats that matter most to the business. It puts the right alerts, data, context and intelligence at the fingertips of analysts across the entire threat lifecycle.

          • Elastic can reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time. Corelight supports integration into Logstash or Elasticsearch directly.

          • Endace Probes record 100% accurate Network History to solve Cybersecurity, Network and Application issues. Bring clarity to every incident, alert or issue with an open packet capture platform that integrates with all your commercial, open source or custom-built tools.

          • Exabeam delivers next-generation security management technology that enables organizations to protect their most valuable information.

          • FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting.

          • Garland Technology is an industry leader delivering network products and solutions for enterprise, service providers, and government agencies worldwide. Since 2011, Garland Technology has developed the industry’s most reliable test access points (TAPs), enabling data centers to address IT challenges and gain complete network visibility.

          • Gigamon is a powerful packet broker platform powering the security of many enterprises, and a popular choice for Corelight customers.

          • Google Cloud provides organizations with leading infrastructure, platform capabilities and industry solutions, along with expertise, to reinvent their business with data-powered innovation on modern computing infrastructure.

          • Humio makes large scale log ingestion and analysis simple and economical.

          • Ixia provides testing, visibility, and security solutions, strengthening applications across physical and virtual networks for enterprises, service providers, and network equipment manufacturers.

          • The McAfee approach to providing orchestrated security has become the de facto standard for enterprise security, with solutions to protect the entire infrastructure: endpoints, network, web, mobile and embedded devices, and cloud.

          • Cortex, by Palo Alto Networks, is a comprehensive product suite for security operations empowering enterprises with the best-in-class detection, investigation, automation and response capabilities.

          • Through its Titanium Platform, ReversingLabs delivers automated static analysis and file reputation services that represent the fastest and most accurate insights in the industry, finding the hidden objects that are armed to destroy enterprise business value.

          • Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

          • Splunk takes your machine data and makes sense of it, and that can include Zeek logs. Better data will make your Splunk users more effective at incident response and threat hunting.

          • The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights within seconds.

          • ThreatQ by ThreatQuotient is an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management.