Overview

Corelight offers the industry’s only open source-based NDR platform, which transforms network and cloud activity into evidence that provides SOCs with greater visibility, enhanced analytics, in-depth threat hunting and accelerated investigation. Easily deployed and available in on-prem and SaaS-based formats, Corelight combines the power of open source and proprietary technologies to deliver a complete Open Network Detection & Response (NDR) Platform that includes intrusion detection (IDS), network security monitoring and Smart PCAP solutions.

Customers can deploy Corelight Sensors in both on-prem and cloud environments (AWS, GCP, Azure). The sensors can be software, virtual, cloud or physical and connect to traffic mirrors within physical networks via packet brokers, span ports, or optical taps and in cloud environments via native traffic mirroring (e.g., VPC traffic mirroring in AWS).

Evidence and insights gathered via the sensors are then feed into existing customer SIEM, XDR, SOAR and other solutions to drive workflow automation and speed response to incidents, vulnerabilities and threats.

Corelight’s newest solution, Corelight Investigator, is a SaaS-based NDR platform that combines comprehensive network evidence with machine learning (ML) and advanced analytics in a fast, intuitive search platform that speeds security operations and consolidates legacy toolsets.

Corelight supports a broad ecosystem of technologies including CrowdStrike, Microsoft, Splunk and AWS. CrowdStrike recently selected Corelight to power their services and solutions portfolio including Incident Response, Compromise Assessment and Network Security Monitoring services.