CONTACT US
ad-images-nav_0001_SANs thumb

SANS Protects: The Network

DOWNLOAD WHITE PAPER

ad-images-nav_0009_Threat-hunting-guide

Threat hunting guide

GET THE GUIDE

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

ad-images-nav_0000_Thinking-like-a-threat-actor

Thinking like a Threat Actor: Hunting the Ghost in the Machine

WATCH THE WEBCAST

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

ad-nav-video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

ANALYTICS & DETECTIONS

 An evidence-based approach to understanding your environment.

ANALYTICS & DETECTIONS

An evidence-based approach to finding adversaries. 

Analytics-detections-hero

 

DETECT IN DEPTH

Corelight delivers a comprehensive suite of network security analytics that help organizations identify more than 75 adversarial TTPs across the MITRE ATT&CK® spectrum. These detections reveal known and unknown threats via hundreds of unique insights and alerts across machine learning, behavioral analysis, and signature-based approaches. We apply the best tool for the job, drawing on continuous detection engineering from the open source community.

Tactics including: 
  • Exfiltration
  • Command-and-control (C2)
  • Lateral movement 

Techniques including: 
  • Exfiltration over alternative protocol
  • C2 over encrypted channel
  • Lateral movement via SMB

Tools & exploits including:    
  • Log4Shell
  • Metasploit
  • Cobalt Strike 

Machine learning made transparent

Corelight validates its machine learning analytics in partnership with the world's largest, most attacked organizations. We make the evidence behind every machine learning conviction easily accessible so analysts can validate the alert and respond. See how it works.

computer-investigator-glass-medium

 

EVIDENCE-FIRST ANALYTICS

Seasoned security teams know that evidence quality determines analytic outcomes. Corelight gives defenders direct access to all the evidence behind every detection to dramatically accelerate incident response and hunting.  

THE RIGHT TOOL FOR THE JOB

Machine learning, behavioral analysis, and signatures each have optimal use cases. Corelight applies the best analytic to each challenge for superior alert accuracy and aggregation, extending community-driven detection engineering.

HUNT-DRIVEN DETECTIONS

When analysts have unfettered access to evidence, responding to an incident can instigate threat hunting. Those hunts, in turn, can lead to important security discoveries that drive novel detections, ultimately broadening analytics coverage.

 

Our analytics solutions

 

 

Community R&D

Zeek community analytics

Suricata ET Open IDS ruleset

Have questions?

Talk with one of our experts today.

CONTACT US