Corelight manages deep packet inspection on networks with a physical or virtual appliance. With a graphical interface, the solution is rather easy to deploy and use. Corelight is based on the open source monitoring platform “Zeek”, previously known as “Bro” in reference to “Big Brother” from G. Orwell’s 1984 Book.
Corelight’s specialty is to act as “middleware”, i.e. a tool between packet aggregators, allowing data to be added and transformed, to then be sent upstream, to other devices. traditional recording, alerting and detection systems such as security information and event management systems (SIEM). Ultimately, it transforms the packets into more useful data.
Open NDR Platform
Zeek / Bro
Identification & follow-up – alerts / problems
When there is an SE security alert or an issue to investigate, Zeek/Bro helps you find the problem faster. It complements signature-based tools to help you quickly track complex events across multiple streams and protocols with ease, to quickly identify and resolve security issues.
Suricata
Quick & custom alerts
Suricata and Zeek allow you to create solutions adapted to your environment. You can load any open source ruleset and feed alerts into your scripts for event handling. Personalization is fast with a real impact on security.
Encrypted Traffic Collection
Corelight Encrypted Traffic Collection
Encrypted traffic information
No downtime or inspection required. Corelight Encrypted Traffic Collection provides actionable security information without decryption. You can fingerprint connections SSL, track expiring certificates, discover file transfers over SSH, and more.
Traffic sensors
Appliance sensor
Powerful high-speed sensor
To monitor network speeds, manage link monitoring (high bandwidth) easily, with a version suitable for branch offices or high-value enclaves that require full network monitoring.
Cloud sensor
Suitable for major cloud platforms
Designed specifically for security needs, the Corelight Cloud Sensor provides high-fidelity data for incident response, intrusion detection, and forensics. It scans dozens of network protocols to get a rich and actionable picture of traffic.
Software sensor
The all-purpose sensor…
The Corelight software sensor is our most flexible offering, allowing you to get Zeek data where physical Corelight sensors cannot be deployed.
Virtual Sensor
Run Corelight on your hardware
The Corelight Virtual Sensor is our most flexible meter, designed to monitor traffic anywhere at speeds up to 8 Gbps using scalable configurations for Hyper-V.
Sensor Manager
Simplify sensor management
An interface to see the status of sensors, explore specific metrics with one click. Enables quick, multi-sensor configuration to create configuration templates and define custom sensor groups to assign user roles and different levels of access.