Suricata Zeek logo mobile
+

Context is everything

Alerts icon

Analysts need answers when an alert fires

All SOC teams face the same challenge: workflows begin with an alert, but without supporting data.

Dead ends icon

But they constantly hit dead ends

For example, Tier 1 analysts may not even have a timestamp to start with, and if they do make headway, the data they need is often missing or locked away.

Linking evidence icon

Linking evidence and alerts drives better, faster decisions

Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC. That way they can decide if they’re looking at a false positive, or an incident, with confidence.

Build custom defenses fast

Both Suricata and Zeek let you create solutions that fit your environment. You can purchase ET Pro directly from Corelight or add any open source ruleset you want, then feed the alerts into scripts you’ve written for event handling. This customization is fast, and has real security impact, like when it allowed our community to respond to Curveball in just one day. Read more on our blog

Ruleset Icon

Ready to get started?
We're here to help:

Sales Representative - Drew Sales Representative - Burton Sales Representative - Attila

Sharing Suricata and Zeek workloads on one CPU allows for elegant scaling and superior performance.

Chip background
NIC icon Nic
Green arrow icon
Packets icon

Packets (Memory Page)
Green arrow icon
CPU image SHARED CPUs
Green arrow icon
Zeek logs icon Zeek logs
Green arrow icon
Kafka icon
Green arrow icon
Exporter icon Exporters
We use cookies on this site to provide you with a more personalized experience. Our Cookie Policy.

The Z and Design mark and the ZEEK mark are trademarks and/or registered trademarks of the International Computer Science Institute in the United States and certain other countries. The Licensed Marks are being used pursuant to a license agreement with the Institute.

© 2021 Corelight, Inc. All rights reserved.