All SOC teams face the same challenge: workflows begin with an alert, but without supporting data.
For example, Tier 1 analysts may not even have a timestamp to start with, and if they do make headway, the data they need is often missing or locked away.
Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC, so analysts can decide with confidence whether they are looking at a false positive or an incident.
Both Suricata and Zeek let you build solutions that fit your environment. You can load any open-source ruleset you want, then feed the resulting alerts into scripts you've written for event handling. This customization is fast and has real security impact, as when it allowed our community to respond to Curveball in just one day. Read more on our blog.