REDUCE TRIAGE TIME BY UP TO 50%
Corelight Investigator reduces the time required to conduct a thorough analysis, enabling analysts to make informed decisions faster. We simplify network complexity for analysts by delivering prioritized alerts, automating workflows, and leveraging AI to explain the expert-level data needed for triage in plain language while reducing SIEM ingest.
Accelerate incident response
Investigator streamlines and accelerates analyst workflows. Prioritized alerts direct analysts to a single-page triage experience, enriched with simplified explanations of pre-correlated data, powered by AI. Analysts are a click away from raw data including logs and PCAP for deeper analysis.
- AI explainers and summarizations
- Interactive visual timeline
- Triage history
Expand detection coverage
Investigator enables SOC teams to disrupt attacks by delivering the broadest range of detection capabilities and the ability to customize and tune based on your team’s requirements.
- Transparent AI/ML models
- Behavioral, signature, threat intel and queries
- Comprehensive MITRE ATT&CK approaches to uncover 80+ techniques, with deep visibility into adversary methods used for Defense Evasion, Credential Access, Discovery, and Command and Control.
Increase SOC efficiency
Investigator empowers analysts to make informed decisions quickly by capturing all the critical data needed for comprehensive threat analysis. Automated workflows, AI explainers, and triage history help address skill gaps and analyst shortages.
- Toolset and dataset consolidation
- Single-screen triage
- Out-of-the-box and customizable dashboards
COMPARE OPEN TO CLOSED NDR
This free ESG white paper explains the reasons to consider an open-source solution.