Technology Partners


Splunk logo

Corelight App for Splunk® 

Enable incident responders and threat hunters who use Splunk to work faster and more effectively. Check out the Corelight App for Splunk—pre-configured dashboards to get you up and running with Zeek® logs quickly. 

Elastic logo

Elastic Common Schema (ECS)

Using the Corelight ECS Mapping streamlines the implementation of automated analysis methods on Zeek logs, including machine learning-based anomaly detection and alerting.

Humio logo

Corelight packages for Humio

Get up and running quickly with overview dashboards and a threat hunting package with 60 MITRE ATT&CK®-mapped saved searches for Corelight data pre-built in Humio.

Our Partners

Corelight Sensors integrate easily into your existing security infrastructure. They deploy out-of-path and send Zeek logs directly to your analytics stack, whichever one you prefer. Interested in working with Corelight? Learn more


  • Active Countermeasures offers AI-Hunter, a network threat hunting solution that analyzes network traffic to detect which internal systems have been compromised.

    Download solution brief

  • AlphaSOC provides deep analysis and alerting of suspicious events, identifying gaps in your security controls and highlighting targeted attacks.

  • If you're an AWS shop you can send Zeek data directly into S3 for storage or later analysis. And Corelight offers an AWS-deployable version of our sensor.

  • Apcon provides valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments, inspiring confidence through APCON’s exceptional product quality and responsive customer service.

  • Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.

  • Chronicle applies planet-scale computing and analytics to security operations, providing the tools teams need to secure their networks and their customers’ data.

  • Confluent creates an Apache Kafka-based streaming platform to unite your organization around a single source of truth.

  • cPacket builds ultra-high performance packet brokers based on custom hardware for the most demanding environments.
    Download solution brief

  • With Cribl LogStream, Corelight customers can reduce data volume while preserving insights and replay Corelight data ad hoc or on a schedule to your logging solution or SIEM of choice.
    Download solution brief

  • SOCs and Incident Responders who are joint customers of CrowdStrike and Corelight will receive high-signal alerting through automated, regular updating of their Corelight Sensors with Suricata rules and IOCs from CrowdStrike.

    Download solution brief

  • Founded by the team who originally created Apache Spark™, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of business to build data products.

  • Devo Security Operations reinvents the SIEM, empowering analysts to focus on the threats that matter most to the business. It puts the right alerts, data, context and intelligence at the fingertips of analysts across the entire threat lifecycle.

    Download solution brief

  • Elastic can reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time. Corelight supports integration into Logstash or Elasticsearch directly.

    Download solution brief

  • Endace Probes record 100% accurate Network History to solve Cybersecurity, Network and Application issues. Bring clarity to every incident, alert or issue with an open packet capture platform that integrates with all your commercial, open source or custom-built tools.

    Download solution brief

  • Exabeam delivers next-generation security management technology that enables organizations to protect their most valuable information.

    Download solution brief

  • FireEye offers a single platform that blends innovative security technologies, nationstate grade threat intelligence, and world-renowned Mandiant consulting.

    Download solution brief

  • Garland Technology is an industry leader delivering network products and solutions for enterprise, service providers, and government agencies worldwide. Since 2011, Garland Technology has developed the industry’s most reliable test access points (TAPs), enabling data centers to address IT challenges and gain complete network visibility.

    Download solution brief

  • Gigamon is a powerful packet broker platform powering the security of many enterprises, and a popular choice for Corelight customers.

  • Google Cloud provides organizations with leading infrastructure, platform capabilities and industry solutions, along with expertise, to reinvent their business with data-powered innovation on modern computing infrastructure.

    Download solution brief

  • Humio makes large scale log ingestion and analysis simple and economical.

    Download solution brief

  • Ixia provides testing, visibility, and security solutions, strengthening applications across physical and virtual networks for enterprises, service providers, and network equipment manufacturers

    Download solution brief

  • The McAfee approach to providing orchestrated security has become the de facto standard for enterprise security, with solutions to protect the entire infrastructure: endpoints, network, web, mobile and embedded devices, and cloud.

  • Microsoft customers can benefit from Corelight's integration with Defender for IoT, the Corelight for Microsoft Sentinel app and the Virtual Sensor for HyperV.

  • Cortex, by Palo Alto Networks, is a comprehensive product suite for security operations empowering enterprises with the best-in-class detection, investigation, automation and response capabilities.

  • Through its Titanium Platform, ReversingLabs delivers automated static analysis and file reputation services that represent the fastest and most accurate insights in the industry, finding the hidden objects that are armed to destroy enterprise business value.

    Download solution brief

  • Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

    Download solution brief

  • Splunk takes your machine data and makes sense of it, and that can include Zeek logs. Better data will make your Splunk users more effective at incident response and threat hunting.

    Download solution brief

  • The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights within seconds.

  • ThreatQ by ThreatQuotient is an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management.