Suricata + Zeek

          Put defenders on top with alerts integrated into evidence

          Available now for all Corelight Sensors


          CONTEXT IS EVERYTHING

          Analysts need answers when an alert fires

          All SOC teams face the same challenge: workflows begin with an alert, but without supporting data.

          But they constantly hit dead ends

          For example, Tier 1 analysts may not even have a timestamp to start with, and if they do make headway, the data they need is often missing or locked away.

          Linking evidence and alerts drives better, faster decisions

          Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC. That way they can decide if they’re looking at a false positive, or an incident, with confidence.

          Build custom defenses fast

Both Suricata and Zeek let you create solutions that fit your environment. You can purchase ET Pro directly from Corelight or add any open source ruleset you want, then feed the alerts into scripts you’ve written for event handling. This customization is fast and has real security impact, as when it allowed our community to respond to Curveball in just one day. Read more on our blog.


          Sharing Suricata and Zeek workloads on one CPU allows for elegant scaling and superior performance.

[Diagram of the shared Suricata + Zeek pipeline; labels: NIC, Packets (memory page), Zeek logs, Kafka, Exporters, Suricata Plus]