Skip to content
  • There are no suggestions because the search field is empty.
PROTECTING OVER $1B IN DAILY TRADES
DEFENDING ENERGY FOR 32+M U.S. USERS
SECURING NETWORKS FOR 52K+ TRANSPORT VEHICLES
PROTECTING OVER $10T IN MANAGED ASSETS
SECURING 16+M ANNUAL PATIENT VISITS
+1(888) 547-9497
Product

Entity collection

Track everything connected to your network and build a foundation for discovery, profiling, and inventory.

Read white paper

Network asset discovery and inventory

Asset inventory management is notoriously difficult in large enterprise environments, where an ever-changing inventory of unknown, unmanaged entities traverse the network. The Corelight Entity Collection, part of the Open NDR Platform, gives security teams powerful identification capabilities for applications, devices, services, certs, hosts, and more. This helps them more comprehensively map and defend their environment—learn more on the blog.

The Entity Collection delivers visibility around specific entity activity, for example, revealing all hosts that have used SSH in the past 24 hours. This capability helps your team understand if high value assets have been compromised by insider threats or adversaries leveraging stolen SSH credentials. Read our blog post about detecting vulnerable Boa servers.

Corelight Collections are detection sets included with every Corelight subscription and can be activated depending on your needs.

  • Identify known apps and new local subnets
  • Discover activity related to hosts, devices, services, names, certs, domains, and users
  • See current entity activity and track it over time
  • See also: Encrypted Traffic Collection
Get a demo
entity-collection-network-section

How it works

The Corelight Entity Collection identifies 80+ different applications (e.g., BitTorrent, Gmail traffic, TeamViewer) and writes them to a new connection log field, ensuring that analysts have easy access to connection context in order to accurately identify traffic, reducing need for additional pivots and lookups. Corelight also generates a notice.log every hour summarizing the local subnets observed, allowing for evidence and analytics by giving security teams the knowledge needed to correct local network settings.

Corelight also generates logs that summarize activity over time specific to different entity types such as hosts, devices, and services. This pre-aggregation of entity activity in a single log format saves analysts considerable time that would otherwise be spent manually querying larger datasets to arrive at those same insights.

Watch video