Knowing which alerts are dangerous, and which are noise, isn’t easy. Corelight fuses Suricata’s signature-based alerts with corresponding Zeek® network telemetry, delivering ready-to-use evidence to your SIEM or Investigator—Corelight’s SaaS analytics solution—accelerating identification, risk assessment, containment and closure.
 |
Standalone IDS | |
|---|---|---|
| IDS alerts are pre-correlated with Zeek network security logs for comprehensive context |  |
 |
| Smart packet capture based on configurable rules linked to network evidence | |
|
| Multiple form-factors from hardware appliance to software, VM, and cloud | |
|
| A SaaS-based, evidence-first platform powered by machine learning | |
|
| Export logs to SIEM, data lakes, log aggregators, and Corelight Investigator | |
|
Corelight Open NDR consolidates multiple network and security data sources to provide uniform data across your cloud, physical, or container deployment. It also enables you to enrich logs and link related data. In addition, your Technical Account Manager can lead you through the process of replacing legacy data sets.
Corelight can maximize the signal to noise ratio by filtering data, only providing your SIEM with just the information you need. Plus, our TAM will help you tune your system performance to meet organizational needs, up to hundreds of gigabits per second.
