Turn network traffic into security visibility.

Corelight Sensors transform network traffic into rich logs, extracted files, and custom insights via Zeek (formerly known as Bro), a powerful, open-source network security monitor used by thousands of organizations worldwide. Make quick sense of traffic so you can resolve incidents faster and threat hunt more effectively.

aws-webcast icon Watch our webcast to learn how it works in AWS.

Hero-cloud-image
Hero-ap-sensor-image

Compare To Open-Source Zeek

Zeek expert? The biggest risk to your company's security might be you.

We love open-source Zeek, just like you. But when it comes to production deployment, usually the incident responders or threat hunters who know Zeek become the sys admins too, and that poses a risk to your company. Read more in Seth's blog post.

Besides, don't you have better things to do?

When you deploy a Corelight Sensor, you're getting the expertise of Zeek's creators packaged into a high performance appliance. You and your team can spend your time defending your network, not keeping Zeek patched, upgraded, integrated and running.

Corelight Sensors are built to ensure Zeek is secure, easy to integrate, higher performing and not suceptible to inadvertent misconfiguration.

Secured for greater security.

Since we started developing the first Corelight Sensor in 2016, we thought about security, from the operating system on up. Every Zeek feature we enable in the Sensor gets thorough design consideration from the creators of Zeek, so you can be sure your deployment is as secure as possible.

Get the best minds in a box.

Zeek was created in 1995 by Corelight's chief scientist, Vern Paxson. Since then Zeek's co-founders and their colleagues have been improving Zeek, culminating in the development of the Corelight Sensor. When you buy one, you're buying decades of person-years of Zeek expertise born from hundreds of real-world production deployments.

“Corelight was the easiest product to use. Setting up their appliance took me only 15 minutes, fully integrated.”

Compare the Corelight Sensor to open-source Zeek.

Most Zeek users start with open-source. We get it (we built it!). But at some point you may be wondering whether it’s time for an enterprise solution. Here are the key differences.

Features & Benefits
Open-source Zeek
Flexible and simple data export
Yes
No
Web management UI
Yes
No
Hardware accelerated NIC
Included
Separate purchase required
Analysis throughput, per sensor
Up to 25 Gbps
3-4 Gbps
3rd party integrations
Yes
No
LDAP support
Yes
No
Support for Zeek Intelligence Framework
Yes
Yes
Support Zeek Input Framework
Yes
Yes
Streaming data export
Yes
No
Shunting of large flows
Yes
Separate NIC purchase required
Optimized file extraction
Yes
No
Filtering to control export volume
Yes
No
Comprehensive API
Yes
No
Performance charts
Yes
No
Geolocation
Yes
No
Encrypted drives
Yes
System implementation required
Zeek logs
Yes
Yes
FIPS Certified
Yes
No
Support for custom scripts and the Zeek Package Manager
Yes
Yes
Support
Commercial support from the creators of Bro
Community mailing lists
Staff required for deployment
Minimal—appliance model
Zeek experts and systems specialists
Updates and maintenance
Automatic updates, optional real-time monitoring
Manual patching, tuning, and updating required
Time for deployment
Application configuration in minutes
Typically weeks to months
Flexible and simple data export
Yes
Open-Source Bro
No
Web management UI
Yes
Open-Source Bro
No
Hardware accelerated NIC
Included
Open-Source Bro
Separate purchase required
Analysis throughput, per sensor
Up to 25 Gbps
Open-Source Bro
3-4 Gbps
3rd party integrations
Yes
Open-Source Bro
No
LDAP support
Yes
Open-Source Bro
No
Support for Zeek Intelligence Framework
Yes
Open-Source Bro
Yes
Support Zeek Input Framework
Yes
Open-Source Bro
Yes
Streaming data export
Yes
Open-Source Bro
No
Shunting of large flows
Yes
Open-Source Bro
Separate NIC purchase required
Optimized file extraction
Yes
Open-Source Bro
No
Filtering to control export volume
Yes
Open-Source Bro
No
Comprehensive API
Yes
Open-Source Bro
No
Performance charts
Yes
Open-Source Bro
No
Geolocation
Yes
Open-Source Bro
No
Encrypted drives
Yes
Open-Source Bro
System implementation required
Zeek logs
Yes
Open-Source Bro
Yes
FIPS Certified
Yes
Open-Source Bro
No
Support for custom scripts and the Zeek Package Manager
Yes
Open-Source Bro
Yes
Support
Commercial support from the creators of Bro
Open-Source Bro
Community mailing lists
Staff required for deployment
Minimal—appliance model
Open-Source Bro
Zeek experts and systems specialists
Updates and maintenance
Automatic updates, optional real-time monitoring
Open-Source Bro
Manual patching, tuning, and updating required
Time for deployment
Application configuration in minutes
Open-Source Bro
Typically weeks to months