Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

GET THE REPORT >

Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

GET THE REPORT >
CONTACT US
CONTACT US

START HERE

Evidence-based security

 

WHY CORELIGHT

Complete visibility

Next-level analytics

Faster investigation

Expert hunting

    CORELIGHT LABS

    Recent research

    Mission and team

    Insights

    Polaris program

      TRENDING TOPICS

      Encrypted traffic

       

      VERTICALS

      Federal
        forrester wave report 2023

        Forrester rates Corelight a strong performer

        GET THE REPORT

        OVERVIEW

        Open NDR Platform

        Analytics & detections

        MITRE ATT&CK®

         

        PRODUCTS

        Zeek®-based evidence

        IDS

        Smart PCAP

        Investigator

          SENSORS

          Appliances

          Cloud

          Software

          Virtual

          Fleet Manager

          View all products

            SERVICES

            Training

             

            ALLIANCES

            CrowdStrike

            Mandiant

            Microsoft

            Splunk

            View all

             

            USE CASES

            Case Studies

            View all
              ad-nav-crowdstrike

              Corelight now powers CrowdStrike solutions and services

              READ MORE

              ad-images-nav_0013_IDS

              Alerts, meet evidence.

              LEARN MORE ABOUT OUR IDS SOLUTION

              ad-images-nav_white-paper

              5 Ways Corelight Data Helps Investigators Win

              READ WHITE PAPER

              BLOG

              Read the latest

               

              EVENTS

              Meet with us

               

              RESOURCE CENTER

              Document Library

                GLOSSARY

                IDS False Positive

                NDR vs. XDR vs. EDR

                Digital Forensics & Incident Response (DFIR)

                Intrusion Detection System (IDS)

                NDR (Network Detection & Response)

                Packet Capture (PCAP)

                Signature-Based Detection
                    video

                    WEBINAR: Amplifying Security Insights with Corelight and Cribl

                    WATCH NOW

                    ad-images-nav_0006_Blog

                    Don't trust. Verify with evidence

                    READ BLOG

                    ABOUT US

                    About Corelight

                    Careers

                    Leadership

                    Investors

                    Newsroom

                    Apex Awards

                      CHANNEL PARTNERS

                      Partner Program

                      Deal registration

                      Partner Academy

                      Become a Partner
                          ad-nav-NDR-for-dummies

                          NDR for Dummies

                          GET THE WHITE PAPER

                          video

                          The Power of Open-Source Tools for Network Detection and Response

                          WATCH THE WEBCAST

                          ad-nav-ESG

                          The Evolving Role of NDR

                          DOWNLOAD THE REPORT

                          SUPPORT SERVICES

                          Open a ticket

                          Account login

                          Technical bulletins

                          Report a security vulnerability

                            WORLD-CLASS SUPPORT

                            Support overview
                                ad-images-nav_0006_Blog

                                Detecting 5 Current APTs without heavy lifting

                                READ BLOG

                                INVESTIGATOR

                                The only evidence-first threat investigation platform.

                                WATCH DEMO

                                investigator-screens-hero

                                 

                                INVESTIGATOR

                                The only evidence-first threat investigation platform.

                                WATCH DEMO

                                investigator-screens-hero

                                 

                                INVESTIGATOR

                                The only evidence-first threat investigation platform.

                                WATCH DEMO

                                investigator-screens-hero

                                 

                                OPEN NDR WITH NEXT-LEVEL ANALYTICS

                                Corelight Investigator combines the power of our Open NDR Platform with machine learning and other analytics into an easy-to-use, quick-to-deploy SaaS solution. We simplify SOC workflows to give your team valuable time back to triage and respond with confidence. Disrupt attacks by shifting from low-priority, reactive tasks to high-impact, proactive defense.

                                investigator-logo
                                • Accelerate triage and response
                                • Consolidate tools and datasets
                                • Alerts mapped to MITRE ATT&CK®
                                • Integrate with existing SOC tools
                                • Easy to deploy, scale, and customize
                                • Based on open, global standards

                                DOWNLOAD OVERVIEW

                                Alert Dashboard

                                 

                                Dashboards put context first

                                Investigator's intuitive, out-of-the box dashboards make it easy to understand what's happening across your network—from on-prem to the cloud. Customize your dashboards to meet the unique needs of your organization. 

                                ML Details

                                 

                                Transparent + customizable

                                Want to see what's behind your detections? Investigator shows you exactly how machine learning detections are made. Corelight makes it easy to write new rules to adapt to your unique environment. Read the blog post.

                                 

                                MITRE (1)

                                 

                                Focus on alerts that matter

                                Increase SOC performance metrics and cut through the backlog with aggregated, prioritized alerts mapped to the MITRE ATT&CK® framework. Quickly access correlated evidence in just one click, driving faster decisions and response times.

                                FAQ

                                Does Investigator replace my current SIEM?

                                Not at all. Investigator complements your existing SOC workflow and tools including SIEMs, SOAR and XDR solutions. If you do not have a SIEM, we can make Investigator’s evidence and insights available to your data lake or other tools.

                                My SOC doesn’t have dedicated threat hunters, can I still use Investigator?

                                Of course. The built-in threat hunting queries and intuitive search capabilities can turn almost any Tier 1 analyst into a threat hunter. Investigator provides network evidence and advanced analytics to your entire team, from Tier 1s doing triage to hunters chasing nation-state actors.

                                Can I customize the dashboards and queries?

                                Yes. Corelight is dedicated to making our products as open as possible. Plus, you can leverage the latest from the Zeek® and Suricata communities to further tune your analytics.

                                Why would I buy Investigator in addition to the Open NDR platform?

                                Both options leverage open source tools (Zeek® and Suricata) to transform network activity into powerful evidence. Investigator is optimized for SOCs that want its additional capabilities (including machine learning and behavioral analytics), and prefer a SaaS-based solution with built-in dashboards and queries.

                                How is Investigator sold?

                                Investigator is a SaaS-based solution that is sold as a subscription with various options for log-storage, services, and other features. Please contact us to get the latest quotes and pricing information.

                                ENVIRONMENTS

                                NEXT-LEVEL ANALYTICS

                                WEB UI

                                Have questions?

                                Talk with one of our experts today.

                                CONTACT US