Corelight + Splunk
Splunk analytics plus Corelight evidence means you can do almost anything: uncover past attacks, thwart ones that haven’t happened yet, and much more.
Corelight evidence in Splunk
Learn how Corelight makes investigations faster in this example with DNS activity:
Starting at the Splunk Enterprise Security dashboard, explore network notables…
Pivot to the Corelight Suricata log using Corelight's Unique Identifier (UID) to see if any alerts fired. Next pivot to the notice.log…
The notice.log shows a possible exploit. The same UID links to the connection.log for further investigation.
An analyst can then look for further context in the connection.log, and pivot again to the DNS log…
On the DNS log, tunneling to pirate.sea is evident. From here the analyst can block the domain with a firewall and notify their forensics team for investigation.
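The UID pivot in the walkthrough above, as an added example that is not Corelight's or Splunk's code: constructed Zeek-style JSON records (the `_path` names, the `suricata_corelight` log name, and the field values are assumptions; the page's "connection.log" is Zeek's conn.log) are grouped by `uid`, walked in the same order as the slides, and the DNS queries under that UID are checked for the long, many-label names typical of tunneling.

```python
import json
from collections import defaultdict

# Constructed sample records in Corelight/Zeek JSON form (not real data);
# the uid field is the key that ties every log to the same connection.
SAMPLE_LOGS = [
    '{"_path":"suricata_corelight","uid":"CxY7Q21abc","alert.signature":"DNS tunneling tool","alert.severity":1}',
    '{"_path":"notice","uid":"CxY7Q21abc","note":"Exploit::Possible","msg":"possible exploit"}',
    '{"_path":"conn","uid":"CxY7Q21abc","id.orig_h":"10.0.0.5","id.resp_h":"192.0.2.53","proto":"udp","duration":842.1}',
    '{"_path":"dns","uid":"CxY7Q21abc","query":"6a7b8c9d0e1f2a3b4c5d6e7f.8a9b0c1d2e3f4a5b.pirate.sea","qtype_name":"TXT"}',
    '{"_path":"dns","uid":"CxY7Q21abc","query":"0f1e2d3c4b5a69788796a5b4.c3d2e1f0a9b8c7d6.pirate.sea","qtype_name":"TXT"}',
    '{"_path":"dns","uid":"CzzOtherUid","query":"www.example.com","qtype_name":"A"}',
]

def index_by_uid(lines):
    """Group parsed records by (uid, _path) so one UID fans out to every log."""
    idx = defaultdict(lambda: defaultdict(list))
    for line in lines:
        rec = json.loads(line)
        idx[rec["uid"]][rec["_path"]].append(rec)
    return idx

def pivot(idx, uid, order=("suricata_corelight", "notice", "conn", "dns")):
    """Return the records for one UID in the investigation order from the slides."""
    return {path: idx[uid][path] for path in order if idx[uid][path]}

def registered_domain(query):
    """Last two labels of a query name, e.g. 'pirate.sea' (a simplification)."""
    return ".".join(query.split(".")[-2:])

def dns_tunnel_suspects(dns_records, min_len=40, min_labels=3):
    """Count queries per registered domain that look like encoded payloads."""
    hits = defaultdict(int)
    for rec in dns_records:
        q = rec["query"]
        if len(q) >= min_len and q.count(".") >= min_labels:
            hits[registered_domain(q)] += 1
    return dict(hits)

if __name__ == "__main__":
    chain = pivot(index_by_uid(SAMPLE_LOGS), "CxY7Q21abc")
    print(list(chain))                      # logs reached from the one UID
    print(dns_tunnel_suspects(chain["dns"]))  # domains worth blocking
```

The thresholds are illustrative starting points; tune them against your own baseline of legitimate long query names (CDNs, anti-spam lookups) before using them as a notable.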

Pay for just the data you need
Our support team knows how to fine-tune your solution so that you get value out of every byte. Talk to them now.

Corelight Labs & SURGe
Corelight Labs works side-by-side with SURGe, Splunk’s security research group, to discover new attacks and find out how to stop them. Read the research here.

Play Capture the Flag
Corelight is the one and only official partner for Boss of the SOC this year, and the game is live right now. Test your skills and have fun too! Learn more.
Discover more
Joint Solution Brief

Corelight x Splunk App
