Corelight Sensors transform network traffic into rich logs, extracted files, and custom insights via Zeek (formerly known as Bro), a powerful, open-source network security monitor used by thousands of organizations worldwide. Make quick sense of traffic so you can resolve incidents faster and threat hunt more effectively.
Watch our webcast to learn how it works in AWS.
Education First is a global firm with 40,000 employees. After deploying Corelight Sensors, their security team saw incredible impact. Their average incident response time dropped from hours to minutes thanks to Corelight’s network logs that allowed them to make lightning-fast sense of their traffic.
Your next security investment should maximize attack surface coverage, deploy fast, generate reliable data, and (ideally) have zero impact on operations. Corelight excels on all counts.
Your SIEM success depends on the data you feed it. Stop sending Netflow and other low quality, “side-effect” network logs to your SIEM and replace them with Corelight’s rich, protocol-comprehensive logs that accelerate incident response and threat hunting workflows in your SIEM. Export Corelight’s Zeek logs to Splunk, Elastic, QRadar, Spark or just about any data tool of your choice in a matter of minutes.
Corelight Sensors now ship with the MITRE BZAR package in the Core Collection, which detects lateral movement techniques in MITRE ATT&CK related to SMB and DCE-RPC traffic, such as indicators targeting Windows Admin Shares and Remote File Copy. It can also extracts detection-related files to enable investigations of suspicious traffic.
Community ID is an industry flow-identification standard that creates a common hash of the 5-tuple and appends it to Corelight’s conn.log so analysts can quickly pivot on a connection in Corelight to and from equivalent flows in tools such as Suricata, Elastic, Moloch and more.
