Appliance Sensors

Enterprise-grade Zeek® sensors in a hardware form factor.

  • Corelight AP 5000 Sensor
  • Corelight AP 3000 Sensor
  • Corelight AP 1001 Sensor
  • Corelight AP 200 Sensor

Next-level results from your SIEM

Instead of a hodgepodge of random sources that don't capture what you need, Corelight feeds your SIEM with rich, security-centric logs that accelerate incident response and threat hunting workflows. Export Corelight’s logs to Splunk, Elastic, Humio, or just about any SIEM in minutes.


Deploy in minutes

Our plug and play sensors make deploying Zeek and Suricata fast and straightforward, no matter where you need them. Each is preloaded with packages and detections that maximize your ability to discover abnormalities and stop attackers. 

  • Management GUI with optional Fleet Manager
  • Industry-leading speeds up to 100 Gbps per 1U sensor
  • Enterprise support from open source experts

Recent release features

Find Lateral Movement with MITRE BZAR

Corelight Sensors now ship with the MITRE BZAR package in the Core Collection. BZAR detects MITRE ATT&CK lateral movement techniques in SMB and DCE-RPC traffic, such as indicators targeting Windows Admin Shares and Remote File Copy. It can also extract detection-related files to support investigations of suspicious traffic.

Quickly investigate with Community ID

Community ID is an industry flow-identification standard that creates a common hash of the 5-tuple. Corelight appends it to conn.log so analysts can quickly investigate starting from a connection in Corelight. Using the community ID, you can pivot across related logs within your existing SIEM and correlate them with events from the rest of your security stack.
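The pivot described above, as an added example (not Corelight's code): it computes a Community ID following version 1 of the public specification with the default seed of 0, for TCP and UDP only, and matches an alert from another tool to a conn.log row. The sample records, the uid values and the alert's field names are constructed for illustration.

```python
import base64
import hashlib
import ipaddress
import struct

PROTO = {"tcp": 6, "udp": 17}  # IP protocol numbers

def community_id(src, sport, dst, dport, proto, seed=0):
    """Community ID v1 for a TCP/UDP flow (ICMP type/code mapping is not handled)."""
    a = (ipaddress.ip_address(src).packed, sport)
    b = (ipaddress.ip_address(dst).packed, dport)
    # Put the smaller (address, port) endpoint first so that both
    # directions of the same flow produce the same hash input.
    if b < a:
        a, b = b, a
    data = (struct.pack("!H", seed) + a[0] + b[0]
            + struct.pack("!BBHH", PROTO[proto], 0, a[1], b[1]))
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode()

# Constructed conn.log rows using Zeek's connection field names.
CONN_LOG = [
    {"uid": "CExample1", "id.orig_h": "192.0.2.10", "id.orig_p": 49152,
     "id.resp_h": "198.51.100.5", "id.resp_p": 445, "proto": "tcp"},
    {"uid": "CExample2", "id.orig_h": "192.0.2.10", "id.orig_p": 49153,
     "id.resp_h": "198.51.100.5", "id.resp_p": 135, "proto": "tcp"},
]
for row in CONN_LOG:
    row["community_id"] = community_id(
        row["id.orig_h"], row["id.orig_p"],
        row["id.resp_h"], row["id.resp_p"], row["proto"])

# Constructed alert from another tool, seen on the reply direction of the
# first flow (source and destination are swapped relative to conn.log).
ALERT = {"src_ip": "198.51.100.5", "src_port": 445,
         "dest_ip": "192.0.2.10", "dest_port": 49152, "proto": "tcp"}

def pivot(alert, conn_log):
    """Return the uids of conn.log rows that share the alert's Community ID."""
    cid = community_id(alert["src_ip"], alert["src_port"],
                       alert["dest_ip"], alert["dest_port"], alert["proto"])
    return [row["uid"] for row in conn_log if row["community_id"] == cid]

if __name__ == "__main__":
    print(pivot(ALERT, CONN_LOG))
```

Because the endpoints are ordered before hashing, a tool that saw only the response packets still lands on the same conn.log entry.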