Partners
          Get Started
          Get Started

          Cloud Sensors

          Visibility for faster investigations and smarter threat hunting.

          Corelight’s Cloud Security Solutions provide deep visibility into cloud activity. By transforming cloud traffic into comprehensive evidence and actionable insights, these solutions enable you to detect and respond to threats that target cloud workloads.



          Cloud-icon
          Cloud Sensor for AWS Cloud Sensor for AWS
          • Deploys in AWS and AWS GovCloud (US)
          • Ingests traffic via native traffic mirrors or agent-based solutions
          • Rapid deployment
          Download specifications
          icon-expander icon-collapser
          Cloud Sensor for Azure Cloud Sensor for Azure
          • Deploys in Azure
          • Ingests traffic via agent-based solutions
          • Rapid deployment
          Download specifications
          icon-expander icon-collapser
          Cloud Sensor for Google Cloud Cloud Sensor for Google Cloud
          • Deploys in Google Cloud
          • Ingests traffic via native traffic mirrors or agent-based solutions
          • Rapid deployment
          Download specifications
          icon-expander Cloud Sensor for Azure

          Next-level results from your SIEM

          Instead of a hodgepodge of random sources that don't capture what you need, Corelight feeds your SIEM with rich, security-centric logs that accelerate incident response and threat hunting workflows. Export Corelight’s logs to Splunk, Elastic, Humio, or just about any SIEM in minutes.

          ig-website-splunk-logo-productsig-website-elastic-logo-productsig-humio-logo-black-tech-partners

           

          person looking at monitor

          Recent release features

          Find Lateral Movement with MITRE BZAR

          Corelight Sensors now ship with the MITRE BZAR package in the Core Collection, which detects lateral movement techniques in MITRE ATT&CK related to SMB and DCE-RPC traffic, such as indicators targeting Windows Admin Shares and Remote File Copy. It can also extract detection-related files to enable investigations of suspicious traffic.

          Quickly investigate with Community ID

          Community ID is an industry flow-identification standard that creates a common hash of the 5-tuple and appends it to Corelight’s conn.log so analysts can quickly investigate from a connection in Corelight. Access and pivot seamlessly across related logs using the community ID within your existing SIEM and correlated with existing security stack events.