Detect and disrupt evasive threats with high-fidelity, multi-layered detection.
Detect advanced attacks with Corelight
Corelight announces cloud enrichment for AWS, GCP, and Azure
Corelight's partner program
10 Considerations for Implementing an XDR Strategy
Don't trust. Verify with evidence
2025 Gartner® Magic Quadrant™ for NDR
Detecting 5 Current APTs without heavy lifting
Network Detection and Response
Corelight Extends Gen AI Leadership in NDR with New MCP Server and Prompt Playbooks for Faster Alert Triage and Resolution
New GenAI Accelerator Pack delivers semantic access to industry-standard network evidence,
enabling native SOC workflows across multiple LLMs and SIEM platforms
SAN FRANCISCO, July 31, 2025 /PRNewswire/ -- Corelight, the fastest growing provider of network detection and response (NDR) solutions, today announced the private preview of its GenAI Accelerator Pack, which includes a Model Context Protocol (MCP) Server, Analyst Assistant Promptbooks, and Investigation Promptbooks, combining industry-standard network evidence with the power of large language models (LLMs) to accelerate and enhance security operations center (SOC) workflows. The Corelight GenAI Accelerator Pack will be live in the Black Hat Network Operations Center (NOC) during the conference in Las Vegas, Aug. 2-7, where Corelight is the sole provider of NDR capabilities, constantly monitoring the purpose-built network for malicious activity.
This announcement extends Corelight's GenAI leadership in the NDR segment which began with the category's first integrated GenAI workflow automation functionality, leading the category on LLM co-development partnerships, and the company's GenAI-powered Guided Triage capability. Corelight's approach starts with AI/ML detections as part of a multi-layered detection engine backed by forensic-grade network evidence. Those detections fuel GenAI-powered workflows that accelerate triage, automate investigation, and flexibly empower a range of analyst activities. Finally, and most uniquely, Corelight's analytics and evidence power the AI-enabled SOC through deep integrations and prompt content that accelerates investigations of all kinds across different LLMs and SIEM/SOC platforms. Corelight's focus on driving GenAI-based acceleration for the analyst both in Corelight products and partner products (like a customer's SIEM) is a key part of the company's OpenNDR strategy and enabler of the agentic SOC.
"This is a natural extension of Corelight's longstanding efforts to leverage AI for robust analytics and workflow acceleration," said Greg Bell, Corelight chief strategy officer. "Today's announcement represents the third pillar of our AI strategy, which is focused on supporting the emerging agentic SOC ecosystem. Here we're combining rich network evidence, expert-authored detections, and LLM-driven reasoning to give SOC teams superhuman triage capabilities—without sacrificing trust or transparency—with complete architectural independence. We expect it will be impactful to all Corelight customers."
A New Standard for Enabling the GenAI-Powered SOC
Corelight's approach combines the power of open-source tools and standards with the breadth of network visibility and power of GenAI to accelerate SOC workflows across a wide range of alert types and investigations - not just those from Corelight. The features of the Corelight GenAI Accelerator Pack include:
- MCP Server: A programmatic interface that allows analysts to harness the agentic power of LLMs to access Corelight log, alert, and detection data (directly from the SIEM, including Splunk, Elastic, LogScale and more) through dozens of pre-built tools, abstracting complex queries into straightforward, actionable insights using natural language.
- Investigation Promptbooks: A set of investigation workflow LLM prompts and sample data to enable automated investigation of common alert types, including fully transparent detailing of the investigation steps taken.
- Analyst Assistant Promptbooks: A wide range of LLM prompts and sample data to support day-to-day analyst activities, ranging from alert translation to payload and alert session summaries and beyond.
These Promptbooks extend existing and proven workflow automation capabilities from Corelight's Investigator SaaS product to sensor-only customers as well. Together, these prompts produce succinct and actionable insight that can easily be used within other AI workstreams or directly digested by security practitioners, providing a way to automate and accelerate the analysis of both network security alerts generated by Corelight as well as a wide range of other alert types (EDR, ITDR, etc).
"We believe the future of cybersecurity is evidence-first and AI-accelerated," added Bell. "Corelight is uniquely positioned to deliver modern solutions for the agentic SOC."
Availability
The Corelight GenAI Accelerator Pack is currently available in private preview to existing Corelight customers who can engage their account teams to turn on access as necessary.
To learn more about the latest release in Corelight's AI journey, please visit: https://corelight.com/blog/llm-prompts-for-network-security.
About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight's global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit https://corelight.com or follow @corelight_inc.
SOURCE Corelight
Have questions?
Talk with one of our technical experts today.
