ANALYTICS & DETECTIONS
An evidence-based approach to understanding your environment.
An evidence-based approach to finding adversaries.

DETECT IN DEPTH
Corelight delivers a comprehensive suite of network security analytics that help organizations identify more than 75 adversarial TTPs across the MITRE ATT&CK® spectrum. These detections reveal known and unknown threats via hundreds of unique insights and alerts across machine learning, behavioral analysis, and signature-based approaches. We apply the best tool for the job, drawing on continuous detection engineering from the open source community.
Tactics including:
- Exfiltration
- Command-and-control (C2)
- Lateral movement
Techniques including:
- Exfiltration over alternative protocol
- C2 over encrypted channel
- Lateral movement via SMB
Tools & exploits including:
- Log4Shell
- Metasploit
- Cobalt Strike
Machine learning made transparent
Corelight validates its machine learning analytics in partnership with the world's largest, most attacked organizations. We make the evidence behind every machine learning conviction easily accessible so analysts can validate the alert and respond.

EVIDENCE-FIRST ANALYTICS
Seasoned security teams know that evidence quality determines analytic outcomes. Corelight gives defenders direct access to all the evidence behind every detection to dramatically accelerate incident response and hunting.
THE RIGHT TOOL FOR THE JOB
Machine learning, behavioral analysis, and signatures each have optimal use cases. Corelight applies the best analytic to each challenge for superior alert accuracy and aggregation, extending community-driven detection engineering.
HUNT-DRIVEN DETECTIONS
When analysts have unfettered access to evidence, responding to an incident can instigate threat hunting. Those hunts, in turn, can lead to important security discoveries that drive novel detections, ultimately broadening analytics coverage.
Our analytics solutions