Disrupt attacks by shifting from low priority, reactive tasks to high-impact, proactive defense
Corelight Investigator, a SaaS-based network detection and response solution, integrates rich network evidence with machine learning and other analytics. It dramatically simplifies Tier 1 workflows, so your team has more time for hunting and response — activities that move faster than ever with our intuitive log query engine.
- Integrates with SOC workflow
- SaaS deployment, scale, and use
- Built-in security
- Access to all alerts + evidence
- Easily customized
- Based on open, global standards
Dashboards put context first
Investigator’s intuitive, out-of-the-box dashboards make it easy to understand what’s happening in hybrid and multi-cloud environments. Plus, you can customize them to meet the unique needs of your organization.
Transparent + customizable
Our machine learning and new analytics from Corelight Labs are totally open, allowing you to peek under the hood and write new detections.
Focus on alerts that matter
Cut through the backlog with aggregated, prioritized alerts. Severity scoring correlated to evidence means faster decisions and response times.
Turn your analysts into elite hunters
Any analyst can quickly pick up our powerful log query engine and use it to find what they need in live or historic logs.
Investigator turns evidence into insight
Not at all. Investigator complements your existing SOC workflow and tools, including SIEMs, SOAR, and XDR solutions. If you do not have a SIEM, we can work with your existing data lake and other solutions to make sure that the evidence and insights gained through our platform are exported back into the other toolsets in your environment.
Yes! The built-in threat hunting queries and intuitive search capabilities can turn almost any Tier 1 analyst into a threat hunter. Investigator provides network evidence and advanced analytics to your entire team, from Tier 1s doing triage, to hunters chasing nation-state actors, to executives who need to get a handle on your security posture.
Yes. And not only that, but you can leverage the continuous insights from our Zeek and Suricata communities to further tune your analytics.
Both platforms leverage the power of our open source communities (Zeek and Suricata) to transform network and cloud activity into powerful evidence. Investigator is optimized for SOCs that a) want the additional capabilities that machine learning and behavioral analytics bring and b) prefer a SaaS-based solution that has built-in dashboards and queries.
Investigator is a SaaS-based solution that is sold as a subscription with various options for log-storage, services and other features. Please contact us to get the latest quotes and pricing information.