All products

See all of the products that power our Open NDR Platform, from our sensors to open-source and proprietary evidence collections to our analytics and SaaS solutions.

Open NDR Platform

Network Monitoring with Zeek

The standard for network traffic monitoring and proactive data-first defense, Zeek^® is foundational to the Open NDR Platform

IDS

The best-in-class open source alerting engine–Suricata IDS–deeply integrated into the Open NDR Platform

Threat Intelligence

Uplevel your threat detection workflow with CrowdStrike's premium intelligence and Corelight's high-fidelity network evidence combined.

asset-classification-in-investigator-corner

Performance & Asset Visibility

Passive asset classification and anomaly-first network performance alerting extends the value of Corelight network evidence.

Static file analysis

Detect malware threats with pattern-based detection through YARA rules, the standard in malware analysis.

Smart PCAP

Capture just the packets you need for investigations, and store months—not minutes—of traffic history.

Investigator

The only evidence-first threat investigation paltform. Investigator is a SaaS-based network detection and response solution that dramatically simplifies Tier 1 workflows.

Detection Collections

Security analytics developed by Corelight Labs, along with curated additions from the Zeek community.

C2 Collection

50+ detections and insights into known command and control activity, as well as MITRE ATT&CK^® C2 techniques for finding novel attacks.

Core Collection

Proprietary packages that help sensors scale in high-throughput environments, combined with curated insights from the Zeek community.

Encrypted Traffic Collection

Dozens of insights into SSL, SSH, and RDP connections enhanced with community contributions like JA3—all without decryption.

Entity Collection

Allows easy searching and grouping on entity inventory, including identification of subnets and 80+ applications.

ICS/OT Collection

Identify and log ICS/OT protocols like BACnet, DNP3, Ethercat, Modbus, and more.

Appliance sensors

Hardware sensors with enterprise-grade stability and performance. Deployment takes just minutes.

AP 200 Series Appliance Sensors

Throughput: 4 Gbps | Support for copper and optical modules at 100M and 1G

AP 600 Series Appliance Sensors

Throughput: 10 Gbps | Support for copper and optical modules at 1G and 10G

AP 1000 Series Appliance Sensors

Throughput: 25 Gbps | Support for copper and optical modules at 1G and 10G

AP 3000 Series Appliance Sensors

Throughput: 50+ Gbps | Support for optical modules at 8 x 10G or 2 x 40G

AP 5000 Series Appliance Sensors

Throughput: 125+ Gbps | Support for optical modules at 8 x 10G, 2 x 40G or 2 x 100G

Other sensors

Corelight’s cloud security solutions allow you to detect and respond to threats that target cloud workloads.

Cloud Sensors

Deploy in AWS, GCP, and Azure environments. SaaS and self-managed options available.

Software Sensor

Throughput: 8 Gbps | Get all the benefits of the full Open NDR Platform capabilities in places that you couldn't otherwise reach.

Virtual Sensors

Available for Hyper-V and VMware | Throughput: up to 8 Gbps. Corelight's Hyper-V and VMware NDR virtual sensors transform network traffic into high-fidelity data for incident response, intrusion detection, and more.

Manage all of your sensors in one place with Fleet Manager

Corelight Fleet Manager gives you the ability to manage your entire fleet of sensors from one user-friendly GUI console. Create custom configuration templates in minutes to manage individual sensors, groups, or your entire fleet.

Fleet Manager