Products - Cloud Sensors

Cloud Sensor for AWS

            Deploys in AWS and AWS GovCloud (US)
Ingests traffic via native traffic mirrors or agent-based solutions
Rapid deployment

          

Download specifications

Deploys in AWS and AWS GovCloud (US)
Ingests traffic via native traffic mirrors or agent-based solutions
Rapid deployment

Download specifications

Quick configuration

Automatic updates

Health and performance monitoring

Zeek evidence integrated with Suricata alerts

Designed specifically for security needs, the Corelight Cloud Sensor delivers high-fidelity data for incident response, intrusion detection, forensics. It parses dozens of network protocols for a rich, actionable picture of traffic, empowering security analysts to make sense of traffic and respond to attacks far faster.

Find a Reseller

Traffic monitoring and detection

Comprehensive traffic logging for 35+ network protocols, the Core Collection and Encrypted Traffic Collection of Zeek packages, support for the Zeek Intelligence framework, and custom Zeek packages

Supported platforms

Deploys in shared M4 or M5 type Amazon EC2 instances

Monitoring interface

Monitor via native traffic mirroring or packet-forwarding agents

Software

Minimalist, custom OS based on the Linux kernel optimized for secure operation

Compatibility

Zeek log export to Kafka, Splunk, Elastic Search, syslog, Amazon S3, and SFTP

Maintenance

Automatic updates and feature enhancements

Support

World-class support from the definitive Zeek experts. Standard-level support plan included, support programs available

Cloud Sensor for Azure

            Deploys in Azure
Ingests traffic via agent-based solutions
Rapid deployment

          

Download specifications

Deploys in Azure
Ingests traffic via agent-based solutions
Rapid deployment

Download specifications

Quick configuration

Automatic updates

Health and performance monitoring

Zeek evidence integrated with Suricata alerts

Find a Reseller

Traffic monitoring and detection

Comprehensive traffic logging for 35+ network protocols, the Core Collection and Encrypted Traffic Collection of Zeek packages, support for the Zeek Intelligence framework, and custom Zeek packages

Supported platforms

Deploys in Azure Ds v3 series (D8s to D64s instances)

Monitoring interface

Monitor via packet-forwarding agents

Software

Minimalist, custom OS based on the Linux kernel optimized for secure operation

Compatibility

Zeek log export to Kafka, Splunk, Elastic Search, syslog, Amazon S3, and SFTP

Maintenance

Automatic updates and feature enhancements

Support

World-class support from the definitive Zeek experts. Standard-level support plan included, support programs available

Cloud Sensor for Google Cloud

            Deploys in Google Cloud
Ingests traffic via native traffic mirrors or agent-based solutions
Rapid deployment

          

Download specifications

Deploys in Google Cloud
Ingests traffic via native traffic mirrors or agent-based solutions
Rapid deployment

Download specifications

Quick configuration

Automatic updates

Health and performance monitoring

Zeek evidence integrated with Suricata alerts

Find a Reseller

Traffic monitoring and detection

Comprehensive traffic logging for 35+ network protocols, the Core Collection and Encrypted Traffic Collection of Zeek packages, support for the Zeek Intelligence framework, and custom Zeek packages

Supported platforms

Deploys in E2 or N1 machine types

Monitoring interface

Monitor via native traffic mirroring or packet-forwarding agents

Software

Minimalist, custom OS based on the Linux kernel optimized for secure operation

Compatibility

Zeek log export to Kafka, Splunk, Elastic Search, syslog, Amazon S3, and SFTP

Maintenance

Automatic updates and feature enhancements

Support

World-class support from the definitive Zeek experts. Standard-level support plan included, support programs available

Recent release features

Find Lateral Movement with MITRE BZAR

Corelight Sensors now ship with the MITRE BZAR package in the Core Collection, which detects lateral movement techniques in MITRE ATT&CK related to SMB and DCE-RPC traffic, such as indicators targeting Windows Admin Shares and Remote File Copy. It can also extract detection-related files to enable investigations of suspicious traffic.

Quickly investigate with Community ID

Community ID is an industry flow-identification standard that creates a common hash of the 5-tuple and appends it to Corelight’s conn.log so analysts can quickly investigate from a connection in Corelight. Access and pivot seamlessly across related logs using the community ID within your existing SIEM and correlated with existing security stack events.

Cloud Sensors

Next-level results from your SIEM

Questions? Talk to sales:

Recent release features

Find Lateral Movement with MITRE BZAR

Quickly investigate with Community ID