Close the gap between alert and answer

Knowing which alerts are dangerous, and which are noise, isn’t easy. Corelight fuses Suricata’s signature-based alerts with corresponding Zeek® network telemetry, delivering ready-to-use evidence to your SIEM or Investigator—Corelight’s SaaS analytics solution—accelerating identification, risk assessment, containment and closure.

Zero in on true positives

When the IDS alert fires, Corelight packages the alert and network evidence. This package contains a unique key that makes it easy for an analyst to find related data using basic SIEM queries.

Resolve critical cases with speed and accuracy


Someone attempts a SQL injection, triggering an IDS alert. How do you know if it was successful?


See if an SSH session was scripted, if someone is typing, or if they’re moving files around.


Watch how our SOAR or XDR integration and our playbooks speed up remediation. 

Corelight’s NDR solution vs. standalone IDS

Capability | Corelight | Standalone IDS
IDS alerts are pre-correlated with Zeek network security logs for comprehensive context | Yes | No
Smart packet capture based on configurable rules linked to network evidence | Yes | No
Multiple form-factors from hardware appliance to software, VM, and cloud | Yes | No
A SaaS-based, evidence-first platform powered by machine learning | Yes | No
Export logs to SIEM, data lakes, log aggregators, and Corelight Investigator | Yes | No

Evidence and analytics pipeline


Simplified, consolidated and fully supported

Corelight Open NDR consolidates multiple network and security data sources to provide uniform data across your cloud, physical, or container deployment. It also enables you to enrich logs and link related data. In addition, your Technical Account Manager can lead you through the process of replacing legacy data sets.

Precisely the data you need—that’s it

Corelight can maximize the signal-to-noise ratio by filtering data, providing your SIEM with just the information you need. Plus, our TAM will help you tune your system performance to meet organizational needs, up to hundreds of gigabits per second.
