Skip to content

This is a search field with an auto-suggest feature attached.

There are no suggestions because the search field is empty.

PROTECTING OVER $1B IN DAILY TRADES

DEFENDING ENERGY FOR 32+M U.S. USERS

SECURING NETWORKS FOR 52K+ TRANSPORT VEHICLES

PROTECTING OVER $10T IN MANAGED ASSETS

SECURING 16+M ANNUAL PATIENT VISITS

+1(888) 547-9497

Start here

Why Open NDR

Why Corelight

Evidence-based security

Detections & analytics

Faster investigation

Complete visibility

Solutions

Cloud security

Encrypted traffic

Federal

State, local government, and education

Financial services

Ransomware

Threat hunting

Corelight Labs

Recent research

Mission and team

Polaris program

Use cases

Case studies

Explore use cases

Evasive Threats_MenuAd_264x264

Overview

Open NDR Platform

Analytics & detections

MITRE ATT&CK^®

Platform capabilities

AI-powered SOC

Triage with Investigator

Network monitoring with Zeek^®

Intrusion detection with Suricata^®

Static file analysis with YARA

Threat intelligence

Forensics with Smart PCAP

Sensors

Appliances

Cloud

Flow

Software

Virtual

Fleet Manager

View all products

Services

Training

Alliances

CrowdStrike

Google Cloud

Microsoft

Splunk

Elastic

View all alliances

Use cases

Case studies

Explore use cases

Typhoonwarning_MenuAd_264x264

Technology integrations

Partner ecosystem

Technology partners directory

For partners

Deal registration

Become a channel partner

Partner Academy sign up

Alliance Academy sign up

Corelight announces cloud enrichment for AWS, GCP, and Azure

Read more

The Corelight Partner Program

Become a partner

Blog

Read the latest

Events

Meet with us

Resource center

Document library

Glossary

NDR (Network Detection & Response)

NDR vs. XDR vs. EDR

Cloud Security Solutions

Intrusion Detection System (IDS)

Packet Capture (PCAP)

Signature-Based Detection

IDS False Positive

View all glossary

10 considerations for implementing an XDR strategy

Read now

Don't trust. Verify with evidence

Read blog

About us

About Corelight

Leadership

Investors

Join us

Careers

Current openings

News & events

Newsroom

Media coverage

Events

CorelightLeader_MenuAd_264x264

Support services

Open a ticket

Account login

Technical bulletins

Report a security vulnerability

World-class support

Support overview

Network Detection & Response

Support overview

Get a demo Contact us

All products

See all of the products that power our Open NDR Platform, from our sensors to open-source and proprietary evidence collections to our analytics and SaaS solutions.

Open NDR Platform

Open NDR Platform

Investigator

The only evidence-first threat investigation platform. Investigator is a SaaS-based network detection and response solution that dramatically simplifies Tier 1 workflows.

Investigator--dashboard-gradient

Zeek

The standard for network traffic monitoring and proactive data-first defense, Zeek^® is foundational to the Open NDR Platform.

IDS

The best-in-class open source alerting engine—Suricata IDS—deeply integrated into the Open NDR Platform.

Smart PCAP

Capture just the packets you need for investigations, and store months—not minutes—of traffic history.

Static file analysis

Detect malware threats with pattern-based detection through YARA rules, the standard in malware analysis.

Detection Collections

Security analytics developed by Corelight Labs, along with curated additions from the Zeek community.

C2 Collection

50+ detections and insights into known command and control activity, as well as MITRE ATT&CK^® C2 techniques for finding novel attacks.

Core Collection

Proprietary packages that help sensors scale in high-throughput environments, combined with curated insights from the Zeek community.

Encrypted Traffic Collection

Dozens of insights into SSL, SSH, and RDP connections enhanced with community contributions like JA3—all without decryption.

Entity Collection

Allows easy searching and grouping on entity inventory, including identification of subnets and 80+ applications.

ICS/OT Collection

Identify and log ICS/OT protocols like BACnet, DNP3, Ethercat, Modbus, and more.

Appliance sensors

Hardware sensors with enterprise-grade stability and performance. Deployment takes just minutes.

AP 200 Series Appliance Sensors

Throughput: 2 Gbps | Support for copper and/or optical modules at 100M and 1G

AP 1000 Series Appliance Sensors

Throughput: 25 Gbps | Support for copper and/or optical modules at 1G and/or 10G

AP 3000 Series Appliance Sensors

Throughput: 50 Gbps | Support for copper and/or optical modules at 1G and 10G or 40G

AP 5000 Series Appliance Sensors

Throughput: 100+ Gbps | Support for optical modules at 8 x 10G, 2 x 40G or 2 x 100G

Other sensors

Corelight’s cloud security solutions allow you to detect and respond to threats that target cloud workloads.

Cloud Sensors

Deploy in AWS, GCP, and Azure environments. SaaS and self-managed options available.

Software Sensor

Throughput: 8 Gbps | Get all the benefits of the full Open NDR Platform capabilities in places that you couldn't otherwise reach.

Virtual Sensors

Available for Hyper-V and VMware | Throughput: up to 8 Gbps. Corelight's Hyper-V and VMware NDR virtual sensors transform network traffic into high-fidelity data for incident response, intrusion detection, and more.

Fleet Manager

Corelight Fleet Manager gives you the ability to manage your entire fleet of sensors from one user-friendly GUI console. Create custom configuration templates in minutes to manage individual sensors, groups, or your entire fleet.

Have questions?

Talk with one of our experts today.

Contact us

Sign up for our newsletter

Sign up for our newsletter

Momentum Leader Summer 2025

High Performer Summer 2025

users-love-us Milestone

We’re hiring!

Build on your talents and dedication to defense by joining our team.

Careers at Corelight

Corelight_Inc_US_English_2025_Certification_Badge_GPTW

fortune-best-places-to-work-2025

1 (888) 547-9497

North America
548 Market St, PMB 77799
San Francisco, CA 94104-5401

8229 Boone Blvd, #410
Vienna, VA 22182

Europe
Suite 4 7th Floor
50 Broadway
London SW1H 0DB

Middle East and Africa
804, City Tower 2,
Sheikh Zayed Road,
Dubai, UAE

Asia Pacific
International Commercial Services,
Level 11/139 Macquarie St,
Sydney NSW 2000, Australia

© 2025 Corelight, Inc. All rights reserved.

The Z and Design mark and the ZEEK mark are trademarks and/or registered trademarks of the International Computer Science Institute in the United States and certain other countries. The Licensed Marks are being used pursuant to a license agreement with the Institute.

Cookie preferences
Privacy notice
Terms of use
Trust and compliance