CONTACT US
CONTACT US

START HERE

Evidence-based security

 

WHY CORELIGHT

Complete visibility

Next-level analytics

Faster investigation

Expert hunting

    CORELIGHT LABS

    Recent research

    Mission and team

    Insights

    Polaris program

      TRENDING TOPICS

      Encrypted traffic

       

      VERTICALS

      Federal
        ad-images-nav_0001_SANs thumb

        SANS Protects: The Network

        DOWNLOAD WHITE PAPER

        ad-images-nav_0009_Threat-hunting-guide

        Threat hunting guide

        GET THE GUIDE

        OVERVIEW

        Open NDR Platform

        Analytics & detections

         

        PRODUCTS

        Zeek

        IDS

        Smart PCAP

        Investigator

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Mandiant

            Microsoft

            Splunk

            View all

             

            USE CASES

            Case Studies

            View all
              ad-nav-crowdstrike

              Corelight now powers CrowdStrike solutions and services

              READ MORE

              ad-images-nav_0013_IDS

              Alerts, meet evidence.

              LEARN MORE ABOUT OUR IDS SOLUTION

              ad-images-nav_white-paper

              5 Ways Corelight Data Helps Investigators Win

              READ WHITE PAPER

              BLOG

              Read the latest

                EVENTS

                Meet with us

                  DEMOS

                  Get a demo
                    ad-images-nav_0000_Thinking-like-a-threat-actor

                    Thinking like a Threat Actor: Hunting the Ghost in the Machine

                    WATCH THE WEBCAST

                    ad-images-nav_0006_Blog

                    Don't trust. Verify with evidence

                    READ BLOG

                    ABOUT US

                    About Corelight

                    Careers

                    Leadership

                    Investors

                    Newsroom

                    Apex Awards

                      CHANNEL PARTNERS

                      Partner Program

                      Deal registration

                      Partner Academy

                      Become a Partner
                          ad-nav-NDR-for-dummies

                          NDR for Dummies

                          GET THE WHITE PAPER

                          ad-nav-video

                          The Power of Open-Source Tools for Network Detection and Response

                          WATCH THE WEBCAST

                          ad-nav-ESG

                          The Evolving Role of NDR

                          DOWNLOAD THE REPORT

                          SUPPORT SERVICES

                          Open a ticket

                          Account login

                          Technical bulletins

                          Report a security vulnerability

                            WORLD-CLASS SUPPORT

                            Support overview
                                ad-images-nav_0006_Blog

                                Detecting 5 Current APTs without heavy lifting

                                READ BLOG

                                Corelight + Splunk

                                Splunk analytics plus Corelight evidence means you can do almost anything; uncover past attacks, thwart ones that haven’t happened yet, and much more.

                                splunk-vid-th

                                Corelight evidence in Splunk

                                Learn how Corelight makes investigations faster in this example with DNS activity:

                                Carousel that displays one slide at a time. Use the Previous and Next buttons to navigate, or the slide dot buttons at the end to jump to slides.

                                Starting at the Splunk Enterprise Security dashboard, explore network notables

                                Pivot to the Corelight Suricata log using Corelight's Unique Identifier (UID) to see if any alerts fired. Next pivot to the notice.log…

                                The notice.log shows a possible exploit. The same UID links to the connection.log for further investigation.

                                An analyst can then look for further context in the connection.log, and pivot again to the DNS log…

                                On the DNS log, tunneling to pirate.sea is evident. From here the analyst can block the domain with a firewall and notify their forensics team for investigation.

                                data_you_need

                                Pay for just the data you need

                                Our support team knows how to fine tune your solution so that you get value out of every byte. Talk to them now.

                                corelight-labs

                                Corelight Labs & SURGe 

                                Corelight Labs works side-by-side with SURGe, Splunk’s security research group, to discover new attacks and find out how to stop them. Read the research here. 

                                Boss-of-the-SOC

                                Play Capture the Flag

                                Corelight is the one and only official partner for Boss of the SOC this year, and the game is live right now. Test your skills and have fun too! Learn more.

                                Discover more

                                Learn to threat hunt in Splunk

                                Threat hunting in Splunk

                                Joint Solution Brief

                                Download the Splunk integration guideDownload here

                                splunk-jds-th-im

                                Corelight x Splunk App

                                Download the Corelight app for Splunk Download here

                                corelight-splunk-app

                                Have questions?

                                Talk with one of our experts today.

                                CONTACT US