SMART PCAP

Accelerate investigations with precise packet capture and one-click SIEM retrievals. 

STORE PACKETS LONGER, FIND THEM FASTER

Smart PCAP is a highly efficient approach to packet capture that links Zeek® logs, extracted files, and detections with just the packets you need for investigation.

Corelight's Smart PCAP gives security teams complete control over packet capture. Compared to full PCAP, it extends investigation lookback windows from days to weeks or months by capturing only the packets needed. Accelerate investigations by pivoting quickly from Corelight alerts to PCAP files with one-click packet retrieval right from your SIEM.

  • Up to 10x longer lookback windows vs. full PCAP
  • Set precise, powerful rules to capture only useful packets
  • Flexible storage options via Corelight, BYO hardware, or the cloud (S3)
  • Pivot quickly from alert to PCAP files with one-click retrieval via SIEM or Investigator

How it works

With Corelight Sensors in place, you can configure external packet storage via Corelight, BYO hardware, or cloud storage (Amazon S3). Corelight’s sensor management console lets analysts create new capture rules at configurable byte-depths based on capture triggers such as alerts, protocol type, and encryption status. Analysts can then retrieve packets via their SIEM or Corelight Investigator by clicking the PCAP URL embedded in the connection log, which opens the packets in Wireshark for further analysis. 

100% network coverage

Configure Smart PCAP to capture packets for all connections not already captured via Corelight logs, and also capture the first 2,000 bytes of all unencrypted traffic. This configuration drives comprehensive network visibility by giving security teams a source of evidence for every connection in their environment via Corelight logs, captured packets, or both. 
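How byte-depth capture rules of this kind combine, and why they stretch the lookback window, is easier to see in code. The block below is an added illustration written for this page, not Corelight's own software or rule format: a toy rule engine that evaluates constructed connection records against a policy modelled on the configuration just described (full capture when an alert fires, full capture for connections with no protocol log, the first 2,000 bytes of unencrypted traffic), reports how much storage that keeps compared with full PCAP, and attaches a per-connection PCAP URL to a conn.log-style record. The rule names, field names, the full-capture depth assumed for the first two rules, the URL scheme and the sample connections are all assumptions.

```python
"""Toy selective-capture policy engine (added illustration, not Corelight code).

Models three capture triggers from the page (alert, protocol type, encryption
status), each with a byte depth, and shows how a per-connection PCAP reference
can be embedded in a connection-log record. Everything here is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Conn:
    uid: str            # Zeek-style connection id (constructed)
    service: str        # protocol log produced, "-" when none was
    encrypted: bool     # e.g. TLS vs. cleartext
    total_bytes: int    # bytes seen on the wire for the connection
    alerted: bool       # an alert fired on this connection


@dataclass(frozen=True)
class Rule:
    name: str
    trigger: Callable[[Conn], bool]
    byte_depth: Optional[int]   # None = keep the whole connection


# Policy modelled on the "100% network coverage" configuration above.
# Assumption: alert-triggered and no-protocol-log captures keep everything.
POLICY: List[Rule] = [
    Rule("alert", lambda c: c.alerted, None),
    Rule("no-protocol-log", lambda c: c.service == "-", None),
    Rule("unencrypted-2000", lambda c: not c.encrypted, 2000),
]


def bytes_to_keep(conn: Conn, policy: List[Rule] = POLICY) -> Tuple[str, int]:
    """Return (rule name, bytes retained); the deepest matching rule wins."""
    best: Optional[Tuple[str, int]] = None
    for rule in policy:
        if not rule.trigger(conn):
            continue
        depth = conn.total_bytes if rule.byte_depth is None \
            else min(rule.byte_depth, conn.total_bytes)
        if best is None or depth > best[1]:
            best = (rule.name, depth)
    return best if best is not None else ("none", 0)


def annotate_conn_log(conns: List[Conn], policy: List[Rule] = POLICY,
                      base_url: str = "https://sensor.example.invalid/pcap"
                      ) -> List[Dict[str, object]]:
    """Build conn.log-like records carrying a pcap_url where packets were kept.

    The URL scheme is a placeholder; it is not the vendor's real layout.
    """
    records = []
    for c in conns:
        rule, kept = bytes_to_keep(c, policy)
        records.append({
            "uid": c.uid,
            "service": c.service,
            "total_bytes": c.total_bytes,
            "capture_rule": rule,
            "pcap_bytes": kept,
            "pcap_url": f"{base_url}/{c.uid}" if kept else "-",
        })
    return records


def storage_summary(conns: List[Conn], policy: List[Rule] = POLICY) -> Dict[str, float]:
    """Compare bytes retained by the policy with a full-PCAP baseline."""
    full = sum(c.total_bytes for c in conns)
    smart = sum(bytes_to_keep(c, policy)[1] for c in conns)
    ratio = round(full / smart, 2) if smart else float("inf")
    return {"full_pcap_bytes": full, "smart_pcap_bytes": smart,
            "lookback_multiplier": ratio}


# Constructed sample connections.
SAMPLE: List[Conn] = [
    Conn("CabcDE1", "http", False, 50_000, False),   # cleartext, no alert
    Conn("CabcDE2", "ssl", True, 400_000, False),    # TLS, logged, no alert
    Conn("CabcDE3", "ssl", True, 120_000, True),     # TLS with an alert
    Conn("CabcDE4", "-", True, 30_000, False),       # encrypted, no protocol log
    Conn("CabcDE5", "dns", False, 800, False),       # cleartext, shorter than depth
]

if __name__ == "__main__":
    for rec in annotate_conn_log(SAMPLE):
        print(rec)
    print(storage_summary(SAMPLE))
```

With the sample set, the only connection that keeps nothing is the routine TLS session that already has an ssl log and no alert; every other connection is covered by a log, by packets, or by both, which is the evidence guarantee the paragraph above describes. The deepest-rule-wins choice matters: an alerted cleartext connection would otherwise be clipped at 2,000 bytes by the broader rule.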

EVIDENCE

Smart PCAP

Corelight Smart PCAP tracks protocol activity across ports, and directly integrates with the security gold-standard for network evidence—Zeek—as part of the Open NDR Platform.
