CONTACT US
forrester wave report 2023

Forrester rates Corelight a strong performer

GET THE REPORT

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-ndr-winter-2024

Network Detection and Response

SUPPORT OVERVIEW

 

INTRUSION DETECTION SYSTEM

Corelight integrates high-performance signature-based alerts with network context—lowering response times and revealing attack impact.

DOWNLOAD WHITE PAPER

alert-merge-1

CLOSE THE GAP BETWEEN ALERT AND ANSWER

Knowing which alerts are dangerous, and which aren't, isn’t easy. Corelight's Open NDR Platform fuses signature-based IDS alerts from Suricata with Zeek® network evidence. This correlated package is then delivered to your SIEM, XDR, or Investigator—Corelight’s SaaS analytics solution. With this deep integration, you can accelerate identification, risk assessment, containment, and closure.

WATCH VIDEO

gap-alert-2

 

suricata3

Zero in on true positives

When an IDS alert fires, Corelight packages that alert together with all pertinent network evidence, integrating signal and context. This package contains a unique key that makes it easy for an analyst to find related data using basic SIEM queries. Read more on the blog.

Resolve critical cases with speed and accuracy 

TRIAGE

Someone attempts a SQL injection, triggering an IDS alert. How do you know if it was successful?

INVESTIGATE

See if a SSH session was scripted, if someone is typing, or if they’re moving files around.

REMEDIATE

Watch how our SOAR or XDR integration + playbooks speed up remediation. 

ANALYTICS

Intrusion detection

Signature-based alerts are linked to all the relevant evidence surrounding the attack. This gives your analysts valuable context, as well as correlation that improves further analysis. 

corelight-technology-diagram-1

 

Consolidated and fully supported

Corelight's Open NDR Platform consolidates multiple network and security data sources to provide uniform data across your cloud, physical, or container deployment. It also enables you to enrich logs and link related data. Your Technical Account Manager can lead you through the process of replacing legacy data sets.

The data you need—that’s it

Corelight can maximize the signal to noise ratio by filtering data, only providing your SIEM with just the information you need. Your Technical Account Manager will help you tune your system performance to meet organizational needs, up to hundreds of gigabits per second.

Have questions?

Talk with one of our experts today.

CONTACT US