Compare to stand-alone Zeek
Corelight makes Zeek easier (to deploy), faster (throughput on our platform) and even more powerful (yes, with added enhancements made by Corelight).
Minutes not months to full-scale Zeek deployment. Powerful C2 detections and encrypted insights that go well beyond JA3. Up to ten times the peak analysis throughput per sensor. Enterprise support from the people who wrote Zeek.
Features & Benefits


SENSORS

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Physical Sensors | Yes | DIY hardware purchase/build |
| Virtual Sensors for VMware & Hyper-V | Yes | No |
| Cloud Sensors for AWS, Azure, GCP | Yes | No |
| Binary Sensors for containers & Linux environments | Yes | DIY manual configuration |

ENCRYPTED INSIGHTS

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Corelight Encrypted Traffic Collection | Yes | No |
| JA3 / JA3S | Yes | Yes |
| HASSH | Yes | Yes |

C2 DETECTIONS & INSIGHTS

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| HTTP C2 | Yes | No |
| DNS tunneling | Yes | No |
| ICMP tunneling | Yes | No |
| Domain generation algorithms | Yes | No |
| Meterpreter | Yes | No |

SURICATA

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Natively integrated | Yes | No |

PACKET CAPTURE

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Smart PCAP | Yes | No |

PERFORMANCE

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| 100+ Gbps per 1U sensor | Yes | 3-4 Gbps max per sensor cluster |
| Optimized file extraction (10,000+ files/minute) | Yes | No |
| Performance monitoring | Yes | No |
| < 1% packet loss rate | Yes | Variable, risk of > 50% loss |

MANAGEMENT

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Deployed in <15 minutes | Yes | Deployment takes weeks to months |
| Web management interface | Yes | Command line only |
| Automatic software updates | Yes | Manual |
| Fleet management for up to 250 sensors | Yes | No |
| Comprehensive sensor health monitoring | Yes | No |
| RESTful API support | Yes | No |
| 1-click package installation | Yes | Manual |

DATA EXPORT

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Export integration with SIEMs | Yes | Manual integration |
| Kafka, syslog, Amazon Kinesis, Apache Avro, SFTP | Yes | Writes to files on disk |
| Default log streaming | Yes | Manual |
| Log stream forking to multiple destinations | Yes | No |

DATA CONTROL

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Log data reduction mode (30-50% reduction) | Yes | No |
| Filter by log type and contents | Yes | Manual |
| Filter by file type | Yes | No |
| Traffic shunting for large & long running flows | Yes | No |

SECURITY & SUPPORT

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Jailed processes | Yes | No |
| FIPS 140-2 | Yes | No |
| Automatic security updates | Yes | No |
| Disk encryption | Yes | Manual |
| 24/7 enterprise support from Zeek experts | Yes | No |

ZEEK FUNCTIONALITY

| Feature | Corelight | Stand-alone Zeek |
| --- | --- | --- |
| Logging | Yes | Yes |
| File extraction | Yes | Yes |
| Package manager | Yes | Yes |
| Zeek Intel Framework | Yes | Yes |
| Zeek Input Framework | Yes | Yes |
| Zeek NetControl Framework | No | Yes |
| Zeek Notice Framework | Yes | Yes |
| Zeek PCAP Ingestion | Yes | Yes |