Suricata + Zeek

Put defenders on top with IDS alerts integrated into evidence

Intrusion detection with Corelight


CONTEXT IS EVERYTHING

Analysts need answers when an alert fires

All SOC teams face the same challenge: workflows begin with an alert, but without supporting data.

But they constantly hit dead ends

For example, Tier 1 analysts may not even have a timestamp to start with, and if they do make headway, the data they need is often missing or locked away.

Linking evidence and alerts drives better, faster decisions

Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC, so analysts can decide with confidence whether they’re looking at a false positive or an incident.

Evolve your detection capabilities

Respond quickly to new threats like Curveball in just one day. With Corelight you can create alerts and investigative workflows that fit your environment, and run both open source and commercial IDS rulesets (e.g., ET Pro) to feed alerts into custom event handling scripts. Customization is fast and simple.

Sharing Suricata IDS and Zeek workloads on one CPU allows for elegant scaling and superior performance.

[Diagram: NIC → Packets (memory page) → Zeek logs → Kafka / Exporters; Suricata Plus]