Corelight is based on the open source tool Zeek, as well as Suricata IDS and SmartPCAP for efficient and highly flexible network traffic capture (packet captures).
Zeek data has become the "gold standard" for incident response, threat hunting and forensics in large enterprises and government agencies worldwide. Corelight offers a range of network sensors, both physical and virtual, at every scale that simplify the use of open source Zeek by adding integrations and features that large organizations need.
- Suricata IDS
- Smart PCAP
- C2 Collection
- Encrypted Traffic Collection
- Core Collection
- Appliance Sensor
- Cloud Sensor
- Software Sensor
- Virtual Sensor
- Fleet Manager
Corelight's SaaS based Investigator solution
Most recently, the SaaS-based Corelight Investigator was also launched in EMEA. Investigator is a network detection and response (NDR) solution that combines the comprehensive network evidence of Corelight sensors with machine learning (ML) and advanced analytics in a fast, intuitive search platform that accelerates security operations and consolidates legacy toolsets.
Investigator is easy to deploy, highly scalable, and available 24/7 globally to your Security Operations Center (SOC). In addition, the Corelight Labs team continuously develops new ML-based threat detections and automatically delivers them to Investigator, giving users instant access to the latest analytics content.