SUPERCHARGE SENTINEL AND DEFENDER WITH POWERFUL NETWORK EVIDENCE
Corelight transforms network traffic into comprehensive, protocol-rich evidence that Microsoft Defender and Sentinel analysts can use to optimize their threat detection and response capabilities. By correlating metadata from over 50 protocol logs, Corelight gives SOC teams a clear picture of all network activity across their organization, including all IT, IoT, and ICS networks, so they can find and respond to threats quickly and easily.
- Complete network visibility across hybrid environments, including IT, IoT, and ICS
- Correlated network alerts, behavioral data, logs, and threat intelligence
- Advanced telemetry and analytics to support XDR and Zero Trust initiatives
- Faster investigations, better detections, and less alert fatigue
CORELIGHT FOR MICROSOFT SENTINEL
Along with native data integration, the Corelight App for Microsoft Sentinel includes pre-defined workbooks (dashboards), sample queries, and analytics rules that make SOC teams more efficient and effective.
Deploy a superior SOC visibility triad solution
Integrating Corelight network evidence into Microsoft Sentinel enables SOC analysts using Microsoft 365 Defender and Defender for Cloud address key challenges, such as visibility gaps, alert fatigue, and high adversary dwell time. This SOC Visibility Triad is the ideal foundation for your evolving XDR solution.

Network Asset Discovery & Inventory
Enhance visibility and security for devices across diverse networks by combining Microsoft Sentinel with Corelight’s Open NDR platform. Our Entity Collection and ICS/OT Collection help you discover and inventory IT and OT assets—whether managed or not.