Name: Network flow monitoring sensor | Corelight
Brand: Corelight, Inc.

Normalization of flow data for multi-layered threat detection

Corelight’s Flow Monitoring Sensor transforms raw flow logs, whether from AWS, NetFlow, or other native flow sources, into enriched, actionable security insights. By normalizing, correlating, and enhancing native flow data into Corelight’s security-focused metadata, you gain the clarity needed to accelerate investigations, detect advanced threats, and strengthen defenses across cloud, hybrid, and on-premises environments.

Complete coverage: Extend flow visibility across VPCs, containers, functions, and traditional networks
Noise reduction: Eliminate redundant data and focus on high-value insights
Standard logs: Normalize non-standard flow logs into correlated, structured Zeek logs
Accelerated detection & response: Multi-layered threat detection with context and explainability
Open & interoperable: Export enriched and standardized logs into any SIEM, data lake, or analytics tool

View all specifications

GET DATA SHEET

Corelight expands security across AWS environments

Enriched flow visibility

Corelight’s Flow Monitoring Sensor transforms raw flow logs from AWS and other sources into enriched security insights. Only Corelight combines unidirectional flow data from communicating hosts to get a complete view of all network activity.

Faster investigations

Cut investigation time from hours to minutes. With standardized, correlated Zeek logs, security analysts can quickly pivot from “What happened” to “Why it happened” across workloads, accounts, and networks.

Cost-optimized data

Native flow logs often generate overwhelming volumes of data. Only Corelight streamlines logs by normalizing and deduplicating information, reducing storage and SIEM ingestion costs while preserving critical detail.