ACCELERATE THREAT VISIBILITY, DETECTION, & RESPONSE
By correlating and analyzing over 50 network protocols, Corelight transforms network traffic into comprehensive, protocol-rich evidence that can help cybersecurity analysts quickly find and eliminate threats across their environment. Corelight’s Open NDR Platform has been instrumental in helping Mandiant customers enhance the visibility of potential threats, accelerate investigations, and understand the interrelated details of even the most sophisticated attacks.
- Enjoy peace of mind with validation from Mandiant Incident Response and Managed Defense teams
- Streamline workflows with native integration into Google Chronicle, Breach Analytics, Mandiant Threat Intelligence, Packet Mirroring, and VirusTotal
- Combine rich, comprehensive network evidence with massive scalability and lightning-fast search from Chronicle
- Elevate your security posture by extending advanced threat detection coverage to hybrid and multi-cloud environments
THREAT INTELLIGENCE
Corelight Sensors ingest Mandiant Threat Intelligence to provide enrichment of Zeek logs and correlation with Suricata alerts for optimal detection and response.
GOOGLE CHRONICLE
Rich Corelight telemetry is ingested and automatically parsed into Chronicle to help organizations maintain a strong security posture with a cloud-native, petabyte-scale SIEM platform.
BREACH ANALYTICS
Enriched Corelight logs, contextual alerts, and network security analytics power Chronicle’s breach analytics to accelerate investigations and threat hunting.
VIRUSTOTAL
Corelight integration enables SOC teams to easily identify and submit suspicious files for malware analysis with Google VirusTotal with a single click within Chronicle.
Open NDR for Google Cloud security environments
As a strategic Google Cloud security partner, Corelight’s Open NDR Platform integrates across the Google Cloud Security Operations Suite to deliver a superior level of attack visibility, response, and threat hunting capabilities. Organizations can use Mandiant Threat Intelligence to enrich Corelight high-fidelity logs and prioritize Suricata alerts that can be consumed into Chronicle and analyzed by its Breach Analytics module for faster, more effective investigations.
With Corelight’s insightful network evidence powering Chronicle SOAR playbooks, your overextended team can maintain a stronger security posture with more certainty and less effort. And with the ability for Corelight to identify suspicious files and trigger malware analysis through Google VirusTotal gives Chronicle customers and Mandiant consultants the ease and insight to detect and respond to threats faster and easier than ever.
By combining Corelight’s rich network evidence and analytics with the speed, scale, and intelligence of the Google SecOps Suite, security teams have an ideal solution to defend the enterprise more effectively, reduce alert backlogs, and accelerate investigations.

Corelight’s integration across our Chronicle SecOps suite helps our customers maximize the value from our mission- focused organizations, with the incorporation of streamlined detections and solutions that are budget friendly for organizations of all sizes.
– Marshall Heilman, CTO of Mandiant