Corelight Reviews & Product Details

Corelight Product Details

Corelight's Open Network Detection and Response (NDR) Platform improves network detection coverage, accelerates incident response, and reduces operational costs by consolidating NDR, intrusion detection (IDS), and PCAP functionality in a single solution and by providing security analysts with machine learning-assisted investigations and one-click-pivots from prioritized alerts to the evidence needed to investigate and remediate them. Network Detection and Response platforms monitor and analyze network traffic, delivering telemetry into existing SIEM, XDR, or SaaS-based solutions. Corelight’s platform is unique because our detections and visibility engineering are community driven—with continuous content creation from Zeek®, Suricata IDS, and other Intel communities. And our integration with CrowdStrike XDR enables cross platform (EDR+NDR) analytics. This provides you with the most complete network visibility, powerful analytics, and threat hunting capabilities, and accelerates investigation across your entire kill chain. Corelight also delivers a comprehensive suite of network security analytics that help organizations identify more than 75 adversarial TTPs across the MITRE ATT&CK® spectrum including Exfiltration, Command and Control (C2), and Lateral Movement. These detections reveal known and unknown threats via hundreds of unique insights and alerts across machine learning, behavioral analysis, and signature-based approaches. CORELIGHT PRODUCTS + SERVICES Open NDR Platform Appliance, Cloud, Software, Virtual and SaaS Sensors IDS Fleet Manager Investigator Threat Hunting Platform Smart PCAP Corelight Training CERTIFICATIONS FIPS 140-2

Product Website

Seller

Corelight

Discussions

Corelight Community

Languages Supported

English

Product Description

Corelight provides security teams with network evidence so they can protect the world’s most critical organizations and companies. On-prem and in the cloud, our Open Network Detection and Response Platform enhances visibility and analytics, leading to faster investigations and expanded threat hunting. Corelight’s global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology.

Overview by

Corelight Marketing

Corelight Integrations

(1)

Verified by Corelight

Corelight Media

Corelight Demo - Corelight Investigator: Gain visibility across your hybrid and multi-cloud environment.

Investigator's out-of-the-box dashboards accelerate incident response by providing prioritized alerts and a one-click-pivot to the context required for triage.

Corelight Demo - Corelight Investigator: Accelerate response with alerts mapped to the MITRE ATT&CK® Framework.

Increase SOC performance metrics and cut through the backlog with aggregated, prioritized alerts mapped to the MITRE ATT&CK Framework. Quickly access correlated evidence in just one click, driving faster decisions and response times.

Corelight Demo - Corelight Investigator: Improve cybersecurity through transparency.

Understand the logic behind the detections. Corelight provides transparency behind the machine learning to provide additional context.

Store packets longer and find them faster. Smart PCAP is a highly efficient approach to packet capture that links Zeek® logs, extracted files, and detections with just the packets you need for investigation. Corelight's Smart PCAP gives security teams complete control over packet capture. Comp...

Corelight Demo - Corelight Fleet Manager

Corelight Fleet Manager ensures seamless support and administration for multiple Corelight Sensors throughout an organization, providing single management dashboard with RBAC, customizable configuration templates, and sensor health and performance monitoring. The Corelight Fleet Manager dashboard...

Official Downloads

(5)

edit

Complete Visibility with Corelight Open Network Detection & Response

G2 reviews are authentic and verified.

Here's how.

Andy V.

Cybersecurity Engineer

Mid-Market (51-1000 emp.)

5/22/2025

"Corelight the Threat Hunters"

4.5/5

What do you like best about Corelight?

Great network telemetry. Corelight does a great job with presenting security network events in a digestible manner. The integration with CrowdStrike provides excellent correlating network events, and the built in parsers helps make view the network events easy to read. Review collected by and hosted on G2.com.

What do you dislike about Corelight?

It's a bit complex so really not suitable for a novice security analyst. Plus some of the online training is really high level, so you need to schedule personalized training which can be costly. Review collected by and hosted on G2.com.

Aman P.

Cloud Security (Threat and Observability)

Enterprise (> 1000 emp.)

10/3/2023

"Best NDR solution Guardians of Network"

5/5

What do you like best about Corelight?

The interface and ease of accessibility and customer support for technical troubleshooting is Awesome Review collected by and hosted on G2.com.

What do you dislike about Corelight?

nothing to dislike as of now since i am still using and getting used to to the new feature Review collected by and hosted on G2.com.

William J.

Security Analyst

Enterprise (> 1000 emp.)

7/26/2024

"We use Corelight sensors in our environment to monitor and alert based off of traffic."

4.5/5

What do you like best about Corelight?

Being able to enrich data daily as it is ingested and feed that into a log agrigator has been extremly useful. Depoloyments in our environment have also gone smoothly and the price has been fair. Review collected by and hosted on G2.com.

What do you dislike about Corelight?

One of the few downsides I have noticed is that we have had to write some corelight modules ourselves to properly sort and ingest data. Review collected by and hosted on G2.com.

Lalith S.

Sr. Devops Engineer

Mid-Market (51-1000 emp.)

7/25/2024

"I loved it"

4/5

What do you like best about Corelight?

My most helpful about corelight is network detection and analyze. Review collected by and hosted on G2.com.

What do you dislike about Corelight?

I would like more UI experience and improve it I would say. Review collected by and hosted on G2.com.

Verified User in Market Research

Mid-Market (51-1000 emp.)

7/26/2024

"Great Threat hunting choice"

4/5

What do you like best about Corelight?

Really good detection of threats and detailed informs, as a simple user this is super insightful Review collected by and hosted on G2.com.

What do you dislike about Corelight?

I would like the detection of threat be faster but i know there are some process to accomplish before i could reicive the results. Review collected by and hosted on G2.com.

Verified User in Computer Software

Mid-Market (51-1000 emp.)

7/4/2024

"Review for corelight"

4.5/5

What do you like best about Corelight?

1) Clean Website UI

2)Services provided

3) It seems very easy to use the services Review collected by and hosted on G2.com.

What do you dislike about Corelight?

Not much popularity

To much techinal features in the website that would be overwhelming for someone who is not involved in the field Review collected by and hosted on G2.com.

Richard D.

Enterprise (> 1000 emp.)

6/29/2023

"Corelight and the benefits to your organization"

5/5

What do you like best about Corelight?

The support and periodic review with the team assigned to you are excellent. The product (sensor AP along with add-ons such as Suricata and machine-based learning that provide insights within the Crowdstrike (Humio) platform are excellent. The base platform is like Zeek on steriods. If needed,pro-active support even lets you know the hardware may be failing and an RMAs you an identical substitute. The device logs to Humio, syslog, etc. simultaneously

The command line control of the device is excellent, and so is fleet management for a series of APs. There is also an annual Zeek conference in which new insights and roadmaps are presented by Corelight Review collected by and hosted on G2.com.

What do you dislike about Corelight?

Nothing - the sensors work perfectly and dashboard summaries are very good. If one wants, one can always simply query the data manually. There is constant improvement with the release of updates and integrations with other vendor products. Corelight support is always helpful no matter what I throw at them - ranging from technical questions down to annual quotes to renew licenses. I simply cannot find anything to dislike Review collected by and hosted on G2.com.

Verified User in Consulting

Enterprise (> 1000 emp.)

7/25/2024

"Pretty straight forward"

4/5

What do you like best about Corelight?

Great place for your cybersecurity needs! Review collected by and hosted on G2.com.

What do you dislike about Corelight?

Partnered with crowstrike and the uncertainty with those two combined. Review collected by and hosted on G2.com.

Verified User in Computer & Network Security

Mid-Market (51-1000 emp.)

7/12/2023

"Implementing Corelight monitoring as an MSSP for various customers"

5/5

What do you like best about Corelight?

Very easy to deploy. The hardware sensors and pre-made VM images make deployment as an MSSP very easy as we can just hand this stuff to the customer and give them the key to our Fleet Manager and manage the rest on our side.

Fleet Manager in particular is really good for managing disparate configurations and one-offs across multiple customers. Review collected by and hosted on G2.com.

What do you dislike about Corelight?

I'd say Fleet Manager not having the ability to facilitate the particular MSSP scenario where the MSSP owns Fleet Manager and has a variety of customers in one instance, but the customer wants access to Fleet Manager for reporting or perhaps editing configurations. Because we can't silo customers in like a "site" fashion to prevent them from seeing other customer's data, it's a scenario we can't do right now. Review collected by and hosted on G2.com.

Verified User in Higher Education

Enterprise (> 1000 emp.)

7/12/2023

"Right Tool, Great Support"

4.5/5

What do you like best about Corelight?

Corelight appliances do one thing and do it well: process your network traffic through analysis engines. Corelight support staff know what they're doing, reply promptly, and resolve most issues within two emails. Review collected by and hosted on G2.com.

What do you dislike about Corelight?

We've seen Corelight grow quite a bit since we first became a customer. I worry they might one day adopt Cisco's strategy of adding unnecessary features in the pursuit of achieving vendor lock-in. Doing would degrade the user experience and price out customers who can't afford a one-stop-shop security solution. Review collected by and hosted on G2.com.