
IDS platforms and firewalls excel at generating alerts, but lack the surrounding context needed to validate, investigate and respond to them. Analysts seeking that context from other sources such as NetFlow often hit information dead ends, unable to respond effectively to real threats or to tune out false positives.
Fortunately, Suricata and Zeek (formerly called Bro), two powerful open-source tools that are the foundation for Corelight’s Open Network Detection and Response (NDR) platform, can help security teams overcome this challenge.
Watch this webcast to learn about:
- How analysts can use Corelight to pivot from a Suricata alert to the corresponding Zeek log evidence and quickly make sense of their alerts and traffic.
- How Corelight combines Suricata alerts with Zeek logs to produce higher-fidelity alerts and shorten incident response times.
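One way to implement the alert-to-log pivot described above, written here as an added example rather than Corelight's own code: it joins a Suricata EVE alert to the Zeek conn.log entry that shares its Community ID (this assumes `community-id: true` in Suricata's EVE output and a `community_id` field in Zeek's conn.log, which the zeek-community-id package adds), falls back to a 5-tuple plus time-window match when the alert carries no Community ID, and then pulls every other Zeek log record carrying that connection's `uid`. All log records below are constructed samples, not captured traffic, and the signatures and IDs are hypothetical local rules.

```python
"""Pivot from Suricata EVE alerts to the Zeek log records for the same connection.

Added example (not Corelight's code). Assumes Suricata EVE JSON with the
community_id field and Zeek JSON logs (conn, http, dns) with uid and, in
conn.log, community_id. Sample records are constructed, not real traffic.
"""
import json
from datetime import datetime

# Constructed Suricata EVE output: one alert with a Community ID, one without.
SURICATA_EVE = """\
{"timestamp":"2024-03-01T10:00:01.120000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","community_id":"1:LQU9qZlK+B5F3KDmev6m5PMibrg=","alert":{"signature":"LOCAL Outbound HTTP to watchlisted host","signature_id":9000001,"severity":2}}
{"timestamp":"2024-03-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"198.51.100.4","dest_port":53,"proto":"UDP","alert":{"signature":"LOCAL DNS query for watchlisted domain","signature_id":9000002,"severity":3}}
"""

# Constructed Zeek JSON logs for the same two connections.
ZEEK_CONN = """\
{"ts":1709287201.101,"uid":"CAbcde1234567890","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"203.0.113.9","id.resp_p":80,"proto":"tcp","service":"http","duration":0.41,"orig_bytes":312,"resp_bytes":5120,"conn_state":"SF","community_id":"1:LQU9qZlK+B5F3KDmev6m5PMibrg="}
{"ts":1709287204.990,"uid":"CFghij0987654321","id.orig_h":"10.0.0.7","id.orig_p":40000,"id.resp_h":"198.51.100.4","id.resp_p":53,"proto":"udp","service":"dns","duration":0.02,"orig_bytes":40,"resp_bytes":120,"conn_state":"SF"}
"""
ZEEK_HTTP = """\
{"ts":1709287201.150,"uid":"CAbcde1234567890","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"203.0.113.9","id.resp_p":80,"method":"GET","host":"updates.example.net","uri":"/agent.bin","user_agent":"curl/8.4.0","status_code":200,"resp_mime_types":["application/x-dosexec"]}
"""
ZEEK_DNS = """\
{"ts":1709287204.995,"uid":"CFghij0987654321","id.orig_h":"10.0.0.7","id.orig_p":40000,"id.resp_h":"198.51.100.4","id.resp_p":53,"query":"bad.example.org","qtype_name":"A","rcode_name":"NOERROR","answers":["203.0.113.77"]}
"""


def parse_jsonl(text):
    """Parse newline-delimited JSON (the on-disk format of both tools)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def eve_ts_to_epoch(ts):
    """Suricata EVE timestamps look like 2024-03-01T10:00:01.120000+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def five_tuple(rec, zeek=False):
    """Normalise the 5-tuple from either tool's field names."""
    if zeek:
        return (rec["id.orig_h"], rec["id.orig_p"], rec["id.resp_h"], rec["id.resp_p"], rec["proto"].lower())
    return (rec["src_ip"], rec["src_port"], rec["dest_ip"], rec["dest_port"], rec["proto"].lower())


def build_zeek_index(conn_records, *other_logs):
    """Index conn.log by community_id and 5-tuple, and every other log by uid."""
    by_cid = {r["community_id"]: r for r in conn_records if "community_id" in r}
    by_tuple = {}
    for r in conn_records:
        by_tuple.setdefault(five_tuple(r, zeek=True), []).append(r)
    by_uid = {}
    for log_name, records in other_logs:
        for r in records:
            by_uid.setdefault(r["uid"], []).append((log_name, r))
    return by_cid, by_tuple, by_uid


def pivot(alert, index, window=5.0):
    """Find the Zeek connection behind one alert and gather its protocol logs.

    Preferred join key is the Community ID; if the alert lacks one, fall back
    to the 5-tuple and pick the conn.log entry closest in time within `window`
    seconds (ports get reused, so the time bound matters).
    """
    by_cid, by_tuple, by_uid = index
    conn, how = None, None
    cid = alert.get("community_id")
    if cid and cid in by_cid:
        conn, how = by_cid[cid], "community_id"
    else:
        t = eve_ts_to_epoch(alert["timestamp"])
        candidates = [c for c in by_tuple.get(five_tuple(alert), []) if abs(c["ts"] - t) <= window]
        if candidates:
            conn, how = min(candidates, key=lambda c: abs(c["ts"] - t)), "5-tuple+time"
    if conn is None:
        return {"signature": alert["alert"]["signature"], "matched_by": None, "uid": None, "conn": None, "evidence": []}
    return {
        "signature": alert["alert"]["signature"],
        "matched_by": how,
        "uid": conn["uid"],
        "conn": conn,
        "evidence": by_uid.get(conn["uid"], []),  # (log name, record) pairs
    }


def pivot_all():
    """Run the pivot over the embedded sample data; returns one result per alert."""
    alerts = [r for r in parse_jsonl(SURICATA_EVE) if r.get("event_type") == "alert"]
    index = build_zeek_index(parse_jsonl(ZEEK_CONN), ("http", parse_jsonl(ZEEK_HTTP)), ("dns", parse_jsonl(ZEEK_DNS)))
    return [pivot(a, index) for a in alerts]


if __name__ == "__main__":
    for result in pivot_all():
        print(result["signature"], "->", result["matched_by"], result["uid"])
        for log_name, rec in result["evidence"]:
            print("   ", log_name, {k: v for k, v in rec.items() if not k.startswith("id.")})
```

The Community ID path is the one worth running in production: it is computed identically by both tools from the same packet headers, so it is an exact key, whereas the 5-tuple fallback is only as good as the time window you allow and will mis-join on NAT'd or rapidly reused source ports. In the sample, the HTTP evidence turns a bare "outbound HTTP" alert into a `curl` download of an executable, which is the kind of context the alert alone cannot give.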

SPEAKER:
John Gamble
Director of Product Marketing, Corelight
John Gamble is Director of Product Marketing at Corelight and has spent more than a decade in the data protection industry representing cybersecurity, privacy and identity verification solutions, including his most recent role as Director of Product Marketing at Lookout, a mobile endpoint security company.