SUPERCHARGE SENTINEL AND DEFENDER WITH POWERFUL NETWORK EVIDENCE
Corelight transforms network traffic into comprehensive, protocol-rich evidence that Microsoft Defender and Sentinel analysts can use to optimize their threat detection and response capabilities. By correlating metadata from over 50 protocol logs, Corelight gives SOC teams a clear picture of all network activity across their organization, including all IT, IoT, and ICS networks, so they can find and respond to threats quickly and easily.
- Complete network visibility across hybrid environments, including IT, IoT, and ICS
- One network telemetry source for Sentinel, Defender for IoT, and 365 Defender
- Advanced telemetry and analytics to support XDR and Zero Trust initiatives
- Faster investigations, better detections, and less alert fatigue
MICROSOFT SENTINEL
Along with native data integration, the Corelight App for Microsoft Sentinel includes pre-defined workbooks (dashboards), sample queries, and analytics rules that make SOC teams more efficient and effective.
Deploy a superior SOC visibility triad solution
Integrating Corelight network evidence into Microsoft’s Sentinel and Defender platforms enables you to address key SOC challenges, such as visibility gaps, alert fatigue, and high adversary dwell time. We’ve done the work so you can deploy a proven SOC visibility triad solution now.

Customers who have deployed Corelight can secure their entire IoT and OT environments with Microsoft 365 Defender and Defender for IoT within minutes while adding more detections based on encrypted traffic analysis and complementing Microsoft's MITRE ATT&CK coverage.
– Nir Giller, Microsoft Defender for IoT group manager
Microsoft Defender for IoT + Corelight
Discover devices across your organization by combining Microsoft Defender for IoT with Corelight’s world-class network detection and response. Our deep integration shows you the IT and IoT devices on your network—whether managed or not.