CONTACT US
CONTACT US

START HERE

Evidence-based security

 

WHY CORELIGHT

Complete visibility

Next-level analytics

Faster investigation

Expert hunting

    CORELIGHT LABS

    Recent research

    Mission and team

    Insights

    Polaris program

      TRENDING TOPICS

      Encrypted traffic

       

      VERTICALS

      Federal
        ad-images-nav_0001_SANs thumb

        SANS Protects: The Network

        DOWNLOAD WHITE PAPER

        ad-images-nav_0009_Threat-hunting-guide

        Threat hunting guide

        GET THE GUIDE

        OVERVIEW

        Open NDR Platform

        Analytics & detections

         

        PRODUCTS

        Zeek®-based evidence

        IDS

        Smart PCAP

        Investigator

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Mandiant

            Microsoft

            Splunk

            View all

             

            USE CASES

            Case Studies

            View all
              ad-nav-crowdstrike

              Corelight now powers CrowdStrike solutions and services

              READ MORE

              ad-images-nav_0013_IDS

              Alerts, meet evidence.

              LEARN MORE ABOUT OUR IDS SOLUTION

              ad-images-nav_white-paper

              5 Ways Corelight Data Helps Investigators Win

              READ WHITE PAPER

              BLOG

              Read the latest

               

              EVENTS

              Meet with us

               

              DEMOS

              Get a demo

                GLOSSARY

                IDS False Positive

                NDR vs. XDR vs. EDR

                What is Digital Forensics & Incident Response (DFIR)?

                What Is an Intrusion Detection System (IDS)?

                What Is NDR (Network Detection & Response)?

                What Is Packet Capture (PCAP)?

                What Is Signature-Based Detection?
                    ad-images-nav_0000_Thinking-like-a-threat-actor

                    Thinking like a Threat Actor: Hunting the Ghost in the Machine

                    WATCH THE WEBCAST

                    ad-images-nav_0006_Blog

                    Don't trust. Verify with evidence

                    READ BLOG

                    ABOUT US

                    About Corelight

                    Careers

                    Leadership

                    Investors

                    Newsroom

                    Apex Awards

                      CHANNEL PARTNERS

                      Partner Program

                      Deal registration

                      Partner Academy

                      Become a Partner
                          ad-nav-NDR-for-dummies

                          NDR for Dummies

                          GET THE WHITE PAPER

                          Screenshot 2023-05-15 at 12.25.41 PM

                          The Power of Open-Source Tools for Network Detection and Response

                          WATCH THE WEBCAST

                          ad-nav-ESG

                          The Evolving Role of NDR

                          DOWNLOAD THE REPORT

                          SUPPORT SERVICES

                          Open a ticket

                          Account login

                          Technical bulletins

                          Report a security vulnerability

                            WORLD-CLASS SUPPORT

                            Support overview
                                ad-images-nav_0006_Blog

                                Detecting 5 Current APTs without heavy lifting

                                READ BLOG

                                ANALYTICS & DETECTIONS

                                 An evidence-based approach to understanding your environment.

                                ANALYTICS & DETECTIONS

                                An evidence-based approach to finding adversaries. 

                                Analytics-detections-hero

                                 

                                DETECT IN DEPTH

                                Corelight delivers a comprehensive suite of network security analytics that help organizations identify more than 75 adversarial TTPs across the MITRE ATT&CK® spectrum. These detections reveal known and unknown threats via hundreds of unique insights and alerts across machine learning, behavioral analysis, and signature-based approaches. We apply the best tool for the job, drawing on continuous detection engineering from the open source community.

                                Tactics including: 
                                • Exfiltration
                                • Command-and-control (C2)
                                • Lateral movement 

                                Techniques including: 
                                • Exfiltration over alternative protocol
                                • C2 over encrypted channel
                                • Lateral movement via SMB

                                Tools & exploits including:    
                                • Log4Shell
                                • Metasploit
                                • Cobalt Strike 

                                Machine learning made transparent

                                Corelight validates its machine learning analytics in partnership with the world's largest, most attacked organizations. We make the evidence behind every machine learning conviction easily accessible so analysts can validate the alert and respond. See how it works.

                                computer-investigator-glass-medium

                                 

                                EVIDENCE-FIRST ANALYTICS

                                Seasoned security teams know that evidence quality determines analytic outcomes. Corelight gives defenders direct access to all the evidence behind every detection to dramatically accelerate incident response and hunting.  

                                THE RIGHT TOOL FOR THE JOB

                                Machine learning, behavioral analysis, and signatures each have optimal use cases. Corelight applies the best analytic to each challenge for superior alert accuracy and aggregation, extending community-driven detection engineering.

                                HUNT-DRIVEN DETECTIONS

                                When analysts have unfettered access to evidence, responding to an incident can instigate threat hunting. Those hunts, in turn, can lead to important security discoveries that drive novel detections, ultimately broadening analytics coverage.

                                 

                                Our analytics solutions

                                 

                                 

                                computer-investigator-glass-small-2
                                 

                                Investigator

                                zeek-reversed
                                 

                                Zeek®

                                alert_symbol
                                 

                                IDS

                                Corelight R&D

                                Corelight Labs

                                Corelight Polaris program

                                Community R&D

                                Zeek community analytics

                                Suricata ET Open IDS ruleset

                                Have questions?

                                Talk with one of our experts today.

                                CONTACT US