Cloud Threat Detection & Response (Cloud Sensors)

Cloud Sensor for AWS

            Deploys in AWS – SaaS and self-managed options available
Provides security-centric, correlated evidence, and detections to disrupt threats targeting AWS workloads
Reduces friction by providing uniformity in visibility and SOC workflow integration

          

Download specifications

Deploys in AWS – SaaS and self-managed options available
Provides security-centric, correlated evidence, and detections to disrupt threats targeting AWS workloads
Reduces friction by providing uniformity in visibility and SOC workflow integration

Download specifications

Quick deployment

Zero maintenance

Health and performance monitoring

Zeek evidence integrated with Suricata alerts

Designed for SecOps to extend NDR to the cloud, Corelight Cloud Sensor for AWS delivers comprehensive evidence for incident response, intrusion detection, and forensics. It parses dozens of network protocols for a rich, actionable picture of traffic, empowering security analysts to accelerate incident response and threat hunting.

Find a Reseller

Traffic monitoring and detection

Comprehensive traffic logging for 35+ network protocols, the Core Collection and Encrypted Traffic Collection of Zeek packages, support for the Zeek Intelligence framework, and custom Zeek packages

Monitoring interface

Monitor via native traffic mirroring or packet-forwarding agents

Compatibility

Integrates and complements your existing SOC workflow, including Corelight Investigator, SIEM and XDR solutions, and analysis tools.

Maintenance

Zero-maintenance required with our SaaS solution, automatic updates and feature enhancements with our Self-Managed solution

Support

World-class support from the definitive Zeek experts. Standard-level support plan included, support programs available

Cloud Sensor for Azure

            Deploys in Azure
Ingests traffic via agent-based solutions
Rapid deployment

          

Download specifications

Deploys in Azure
Ingests traffic via agent-based solutions
Rapid deployment

Download specifications

Quick configuration

Automatic updates

Health and performance monitoring

Zeek evidence integrated with Suricata alerts

Designed specifically for security needs, the Corelight Cloud Sensor delivers high-fidelity data for incident response, intrusion detection, forensics. It parses dozens of network protocols for a rich, actionable picture of traffic, empowering security analysts to make sense of traffic and respond to attacks far faster.

Find a Reseller

Traffic monitoring and detection

Comprehensive traffic logging for 35+ network protocols, the Core Collection and Encrypted Traffic Collection of Zeek packages, support for the Zeek Intelligence framework, and custom Zeek packages

Supported platforms

Deploys in Azure Ds v3 series (D8s to D64s instances)

Monitoring interface

Monitor via packet-forwarding agents

Software

Minimalist, custom OS based on the Linux kernel optimized for secure operation

Compatibility

Zeek log export to Kafka, Splunk, Elastic Search, syslog, Amazon S3, and SFTP

Maintenance

Automatic updates and feature enhancements

Support

World-class support from the definitive Zeek experts. Standard-level support plan included, support programs available

Cloud Sensor for Google Cloud

            Deploys in Google Cloud
Ingests traffic via native traffic mirrors or agent-based solutions
Rapid deployment

          

Download specifications

Deploys in Google Cloud
Ingests traffic via native traffic mirrors or agent-based solutions
Rapid deployment

Download specifications

Quick configuration

Automatic updates

Health and performance monitoring

Zeek evidence integrated with Suricata alerts

Find a Reseller

Traffic monitoring and detection

Comprehensive traffic logging for 35+ network protocols, the Core Collection and Encrypted Traffic Collection of Zeek packages, support for the Zeek Intelligence framework, and custom Zeek packages

Supported platforms

Deploys in E2 or N1 machine types

Monitoring interface

Monitor via native traffic mirroring or packet-forwarding agents

Software

Minimalist, custom OS based on the Linux kernel optimized for secure operation

Compatibility

Zeek log export to Kafka, Splunk, Elastic Search, syslog, Amazon S3, and SFTP

Maintenance

Automatic updates and feature enhancements

Support

World-class support from the definitive Zeek experts. Standard-level support plan included, support programs available

Recent release features

Find Lateral Movement with MITRE BZAR

Corelight Sensors now ship with the MITRE BZAR package in the Core Collection, which detects lateral movement techniques in MITRE ATT&CK related to SMB and DCE-RPC traffic, such as indicators targeting Windows Admin Shares and Remote File Copy. It can also extract detection-related files to enable investigations of suspicious traffic.

Quickly investigate with Community ID

Community ID is an industry flow-identification standard that creates a common hash of the 5-tuple and appends it to Corelight’s conn.log so analysts can quickly investigate from a connection in Corelight. Access and pivot seamlessly across related logs using the community ID within your existing SIEM and correlated with existing security stack events.

Cloud Sensors

Next-level results from your SIEM

Questions? Talk to sales:

Recent release features

Find Lateral Movement with MITRE BZAR

Quickly investigate with Community ID