Get Started

          Appliance Sensors


          Enterprise-grade Zeek sensors in a hardware form factor.

          Enterprise-grade Zeek sensors in a hardware form factor.

          ig-sensor-ap5000-3de0ae2 Corelight AP 5000 Sensor

          icon-expander icon-collapser
          Corelight AP 3000 Sensor Corelight AP 3000 Sensor

          icon-expander icon-collapser
          Corelight AP 1001 Sensor Corelight AP 1001 Sensor

          icon-expander icon-collapser
          Corelight AP 200 Sensor Corelight AP 200 Sensor

          icon-expander icon-collapser

          Next-level results from your SIEM

          Your SIEM success depends on the data you feed it. Stop sending Netflow and other low quality, “side-effect” network logs to your SIEM and replace them with Corelight’s rich, protocol-comprehensive logs that accelerate incident response and threat hunting workflows in your SIEM. Export Corelight’s Zeek logs to Splunk, Elastic, QRadar, Spark or just about any data tool of your choice in a matter of minutes.

          Splunk Traffic

          The security stack, elevated

          • Transform raw packets into security "ground truth"
          • Better network data = better security analytics
          • A flexible technology stack for all environments
          Security Stack

          Recent release features

          Find Lateral Movement with MITRE BZAR

          Corelight Sensors now ship with the MITRE BZAR package in the Core Collection, which detects lateral movement techniques in MITRE ATT&CK related to SMB and DCE-RPC traffic, such as indicators targeting Windows Admin Shares and Remote File Copy. It can also extract detection-related files to enable investigations of suspicious traffic.

          Quickly investigate with Community ID

          Community ID is an industry flow-identification standard that creates a common hash of the 5-tuple and appends it to Corelight’s conn.log so analysts can quickly investigate from a connection in Corelight. Access and pivot seamlessly across related logs using the community ID within your existing SIEM and correlated with existing security stack events.