The Corelight AP 3000 Sensor can shunt large, long-lived elephant flows (e.g., video files) using a hardware NIC on the box—so you can scale beyond 25 Gbps. Learn more.
Learn how top network security pros use Zeek to defend campus networks.
Corelight assembled a panel of top network security professionals from universities across the United States to speak about their own Zeek deployment architectures and security use cases. Learn from the pros!
Join the data-first revolution in network security design.
Leading security organizations use Zeek as the foundational layer in a network architecture that provides complete, actionable network visibility that can be deployed in any network environment and centralizes data in a common repository (e.g., a SIEM).
Compared to network architectures where visibility is limited and decentralized, this data-first design pattern can dramatically accelerate security operations and analytics. Learn how.
Monitor your Science DMZ.
Graduate to enterprise-grade Zeek:
- Manage sensor configurations and monitor key health metrics via an intuitive web interface
- Out-of-the-box integration with your favorite tools, like Splunk, Elastic, Kafka and more...
- Activate Corelight-verified Zeek packages with one click for additional traffic insights, like cryptocurrency mining activity alerts
- Easily filter out unneeded Zeek logs to control traffic volumes to your SIEM
- And more
This university created custom threat detections with Zeek.
When server and firewall logs left critical visibility gaps, this university turned to Zeek logs as their primary source of network visibility and wrote custom scripts to track behaviors like known-C2 server communications and port scanning to root out attacks.