CONTACT US
forrester wave report 2023

Close your ransomware case with Open NDR

SEE HOW

Download our free guide to find hidden attackers.

Find hidden attackers with Open NDR

SEE HOW

cloud-network

Corelight announces cloud enrichment for AWS, GCP, and Azure

READ MORE

corelight partner programe guide

Corelight's partner program

VIEW PROGRAM

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

ENTITY COLLECTION

Track everything connected to your network and build a foundation for discovery, profiling, and inventory.

READ WHITE PAPER

entity

NETWORK ASSET DISCOVERY AND INVENTORY

Asset inventory management is notoriously difficult in large enterprise environments, where an ever-changing inventory of unknown, unmanaged entities traverse the network. The Corelight Entity Collection, part of the Open NDR Platform, gives security teams powerful identification capabilities for applications, devices, services, certs, hosts, and more. This helps them more comprehensively map and defend their environment—learn more on the blog.

The Entity Collection delivers visibility around specific entity activity, for example, revealing all hosts that have used SSH in the past 24 hours. This capability helps your team understand if high value assets have been compromised by insider threats or adversaries leveraging stolen SSH credentials. Read our blog post about detecting vulnerable Boa servers.

Corelight Collections are detection sets included with every Corelight subscription and can be activated depending on your needs.

 

  • Identify known apps and new local subnets
  • Discover activity related to hosts, devices, services, names, certs, domains, and users
  • See current entity activity and track it over time
  • See also: Encrypted Traffic Collection


GET A DEMO

How it works

The Corelight Entity Collection identifies 80+ different applications (e.g., BitTorrent, Gmail traffic, TeamViewer) and writes them to a new connection log field, ensuring that analysts have easy access to connection context in order to accurately identify traffic, reducing need for additional pivots and lookups. Corelight also generates a notice.log every hour summarizing the local subnets observed, allowing for evidence and analytics by giving security teams the knowledge needed to correct local network settings.

Corelight also generates logs that summarize activity over time specific to different entity types such as hosts, devices, and services. This pre-aggregation of entity activity in a single log format saves analysts considerable time that would otherwise be spent manually querying larger datasets to arrive at those same insights.

ANALYTICS

Corelight Collections

Collections are targeted categories of detections, inferences, and data transformation that provide deeper visibility into adversary activity. They cover encrypted traffic, command and control activity, entity activity, ICS/OT visibility, and more. Detections are viewable through Corelight Investigator, or via a SIEM, XDR, or other analytics platform.

corelight-technology-diagram-1

 

Have questions?

Talk with one of our experts today.

CONTACT US