Put defenders on top with IDS alerts integrated into evidence

Intrusion detection with Corelight

Get the whitepaper now

CONTEXT IS EVERYTHING

Analysts need answers when an alert fires

All SOC teams face the same challenge: workflows begin with an alert, but without supporting data.

But they constantly hit dead ends

For example, Tier 1 analysts may not even have a timestamp to start with, and if they do make headway, the data they need is often missing or locked away.

Linking evidence and alerts drives better, faster decisions

Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC. That way they can decide if they’re looking at a false positive, or an incident, with confidence.

Evolve your detection capabilities

Respond quickly to new threats like Curveball in just one day. With Corelight you can create alerts and investigative workflows that fit your environment, and run both open source and commercial IDS rulesets (e.g., ET Pro) to feed alerts into custom event handling scripts. Customization is fast and simple. Read more

Ready to get started?
We're here to help:

Sharing Suricata IDS and Zeek workloads on one CPU allows for elegant scaling and superior performance.

Nic

Packets (Memory Page)

SHARED CPUs

Zeek logs

Exporters

Sign up for our newsletter

548 Market St, PMB 77799
San Francisco, CA 94104-5401
+1(888) 547-9497

The Z and Design mark and the ZEEK mark are trademarks and/or registered trademarks of the International Computer Science Institute in the United States and certain other countries. The Licensed Marks are being used pursuant to a license agreement with the Institute.