Reduce incident response time by up to 20x
The time it takes your operations team to find and resolve a security incident is critical. Bro provides unparalleled data that helps your team get to the truth faster. Without Bro data, you and your team are working in the dark.
Filter out false positives more quickly
Corelight Sensors extract over 400 fields automatically from your network traffic and write them as structured logs designed by incident responders for incident responders. That data lets responders quickly tell real threats from false alarms, which means a faster, more effective security team.
Diagnose attacks, understand context faster
Corelight provides the context for threats and attacks, in the tools you already know and love. Whether you use Splunk, Elastic, ArcSight, QRadar or virtually any other analytics stack, it will be more powerful and effective if Corelight is fueling it with the right data.
Expand threat hunting capabilities
Use Corelight to manually identify interesting or risky IOCs, and then pivot quickly to the corresponding PCAP files for deeper investigation.
Generate and aggregate indicators of compromise
Feed selected logs (IP connection and DNS records) to the AlphaSOC threat intelligence tool to flag suspicious or malicious IPs. Aggregate the certificate data in the SSL logs to surface the rare certificates in use in your environment.
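One way to do the certificate aggregation just described, as an added example that is not Corelight or Bro code: group Bro ssl.log records by (subject, issuer), count connections and distinct clients per certificate, and report the rare ones with a note on whether they are self-signed or failed validation. It assumes ssl.log is available as JSON lines with the standard ssl.log field names (id.orig_h, id.resp_h, subject, issuer, validation_status); the records below are constructed for illustration, and the thresholds are arbitrary starting points.

```python
"""Rare-certificate aggregation over Bro/Zeek ssl.log records (added example).

Assumes JSON-lines ssl.log with the standard field names. Sample records are
constructed; the hosts, names and CA are not real observations.
"""
import json
from collections import defaultdict

# Constructed ssl.log excerpt: a common public cert seen from several clients,
# a self-signed cert seen once, a less common valid cert, and a resumed session
# (which carries no certificate fields and must be skipped).
SAMPLE_SSL_LOG = """\
{"ts":1500000000.1,"uid":"C1a","id.orig_h":"10.0.0.5","id.resp_h":"93.184.216.34","server_name":"www.example.com","subject":"CN=www.example.com,O=Example Inc,C=US","issuer":"CN=Example Public CA,O=Example Trust,C=US","validation_status":"ok"}
{"ts":1500000001.2,"uid":"C1b","id.orig_h":"10.0.0.6","id.resp_h":"93.184.216.34","server_name":"www.example.com","subject":"CN=www.example.com,O=Example Inc,C=US","issuer":"CN=Example Public CA,O=Example Trust,C=US","validation_status":"ok"}
{"ts":1500000002.3,"uid":"C1c","id.orig_h":"10.0.0.7","id.resp_h":"93.184.216.34","server_name":"www.example.com","subject":"CN=www.example.com,O=Example Inc,C=US","issuer":"CN=Example Public CA,O=Example Trust,C=US","validation_status":"ok"}
{"ts":1500000003.4,"uid":"C1d","id.orig_h":"10.0.0.5","id.resp_h":"93.184.216.34","server_name":"www.example.com","subject":"CN=www.example.com,O=Example Inc,C=US","issuer":"CN=Example Public CA,O=Example Trust,C=US","validation_status":"ok"}
{"ts":1500000004.5,"uid":"C2a","id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.10","server_name":"update-srv","subject":"CN=update-srv","issuer":"CN=update-srv","validation_status":"self signed certificate"}
{"ts":1500000005.6,"uid":"C3a","id.orig_h":"10.0.0.6","id.resp_h":"198.51.100.25","server_name":"mail.example.net","subject":"CN=mail.example.net,O=Example Inc,C=US","issuer":"CN=Example Public CA,O=Example Trust,C=US","validation_status":"ok"}
{"ts":1500000006.7,"uid":"C3b","id.orig_h":"10.0.0.8","id.resp_h":"198.51.100.25","server_name":"mail.example.net","subject":"CN=mail.example.net,O=Example Inc,C=US","issuer":"CN=Example Public CA,O=Example Trust,C=US","validation_status":"ok"}
{"ts":1500000007.8,"uid":"C1e","id.orig_h":"10.0.0.5","id.resp_h":"93.184.216.34","server_name":"www.example.com","resumed":true}
"""


def load_ssl_log(text):
    """Parse JSON-lines ssl.log text, keeping only records that carry a certificate.
    Resumed sessions have no subject/issuer and cannot be attributed to a cert."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("subject") and rec.get("issuer"):
            records.append(rec)
    return records


def aggregate_certs(records):
    """Group records by (subject, issuer) and collect per-certificate statistics."""
    stats = defaultdict(lambda: {"conns": 0, "clients": set(),
                                 "servers": set(), "validation": set()})
    for r in records:
        s = stats[(r["subject"], r["issuer"])]
        s["conns"] += 1
        s["clients"].add(r["id.orig_h"])
        s["servers"].add(r["id.resp_h"])
        s["validation"].add(r.get("validation_status", "-"))
    return stats


def rare_certs(records, max_conns=2, max_clients=1):
    """Return certificates seen in at most max_conns connections or by at most
    max_clients distinct clients, rarest first. Each entry notes whether the
    cert is self-signed and whether every observation validated cleanly."""
    out = []
    for (subject, issuer), s in aggregate_certs(records).items():
        if not (s["conns"] <= max_conns or len(s["clients"]) <= max_clients):
            continue
        out.append({
            "subject": subject,
            "issuer": issuer,
            "conns": s["conns"],
            "clients": sorted(s["clients"]),
            "servers": sorted(s["servers"]),
            "self_signed": subject == issuer,
            "validated": s["validation"] == {"ok"},
        })
    out.sort(key=lambda c: (c["conns"], len(c["clients"]), c["subject"]))
    return out


if __name__ == "__main__":
    for cert in rare_certs(load_ssl_log(SAMPLE_SSL_LOG)):
        flag = "SELF-SIGNED" if cert["self_signed"] else ("ok" if cert["validated"] else "UNVALIDATED")
        print(f'{cert["conns"]:>3} conns {len(cert["clients"])} clients  {flag:<12} {cert["subject"]}')
```

On a real sensor the same grouping is usually done in the analytics stack rather than in a script, but the shape is the same: a certificate that only one host has ever negotiated, especially a self-signed one, is the kind of thing a threat hunter wants surfaced rather than buried among thousands of routine handshakes.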
Proactively hunt for threats like ransomware
Use SMB (Windows file sharing) logs and file analyzers to spot files that are read with low entropy and shortly afterwards rewritten with much higher entropy. That pattern can be a signal that ransomware is encrypting files on a network file share.
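The detection logic described above, as an added example that is not Corelight or Bro code: compute Shannon entropy over file contents, then correlate, per client and path, a low-entropy read followed within a time window by a high-entropy write, and alert on clients that do this to several distinct files. It assumes SMB file-transfer events have already been reduced to (timestamp, client, path, action, entropy) records, with the entropy supplied by a file analyzer over the transferred bytes; the events, thresholds and window below are constructed for illustration.

```python
"""Entropy-based ransomware signal over SMB file events (added example).

Assumes SMB activity is available as per-file read/write events carrying the
Shannon entropy of the transferred content. Sample events are constructed.
"""
import math
from collections import Counter, defaultdict

LOW_ENTROPY = 5.0    # bits/byte; plain text and typical office documents sit well below
HIGH_ENTROPY = 7.5   # bits/byte; encrypted or compressed data sits close to 8.0
WINDOW = 600.0       # seconds allowed between the read and the rewrite
MIN_FILES = 3        # distinct files per client before raising an alert


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_rewrites(events, low=LOW_ENTROPY, high=HIGH_ENTROPY,
                    window=WINDOW, min_files=MIN_FILES):
    """Return {client: [paths]} for clients that read at least min_files
    low-entropy files and rewrote each with high-entropy content within
    `window` seconds of the read.

    events: iterable of dicts with keys ts, client, path, action ("read" or
    "write") and entropy (bits per byte of the transferred content).
    """
    last_low_read = {}            # (client, path) -> ts of latest low-entropy read
    suspicious = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["client"], ev["path"])
        if ev["action"] == "read" and ev["entropy"] < low:
            last_low_read[key] = ev["ts"]
        elif ev["action"] == "write" and ev["entropy"] > high:
            read_ts = last_low_read.get(key)
            if read_ts is not None and ev["ts"] - read_ts <= window:
                suspicious[ev["client"]].add(ev["path"])
    return {c: sorted(p) for c, p in suspicious.items() if len(p) >= min_files}


# Constructed content standing in for what a file analyzer would see.
PLAINTEXT = b"Quarterly report: revenue up, costs flat. " * 20
ENCRYPTED = bytes(range(256)) * 4   # every byte value equally likely: exactly 8.0 bits/byte


def sample_events():
    """Constructed SMB activity: 10.0.0.5 reads three documents and rewrites
    each with high-entropy data; 10.0.0.9 only reads; 10.0.0.7 rewrites a
    single file, which stays below MIN_FILES."""
    t = 1500000000.0
    ev = []
    for i, name in enumerate(["budget.xlsx", "plan.docx", "notes.txt"]):
        path = "//fileserver/finance/" + name
        ev.append(dict(ts=t + i, client="10.0.0.5", path=path, action="read",
                       entropy=shannon_entropy(PLAINTEXT)))
        ev.append(dict(ts=t + i + 30, client="10.0.0.5", path=path, action="write",
                       entropy=shannon_entropy(ENCRYPTED)))
    ev.append(dict(ts=t, client="10.0.0.9", path="//fileserver/hr/policy.pdf",
                   action="read", entropy=shannon_entropy(PLAINTEXT)))
    ev.append(dict(ts=t, client="10.0.0.7", path="//fileserver/it/x.txt",
                   action="read", entropy=shannon_entropy(PLAINTEXT)))
    ev.append(dict(ts=t + 5, client="10.0.0.7", path="//fileserver/it/x.txt",
                   action="write", entropy=shannon_entropy(ENCRYPTED)))
    return ev


if __name__ == "__main__":
    for client, paths in detect_rewrites(sample_events()).items():
        print(f"{client}: {len(paths)} low->high entropy rewrites: {paths}")
```

Two caveats a practitioner would want: legitimately compressed formats (zip-based office documents, images, archives) already read near 8.0 bits per byte, so the read side of the correlation is what keeps them from triggering on every save; and the entropy must come from the file analyzer that saw the bytes, since a stock smb_files log records actions and sizes but not content statistics.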
Diagnose a load balancer problem
Use data from Corelight Sensors to prove a commercial load balancer is having a problem that can’t be replicated in the lab.
Gain visibility into rogue application deployment
Quickly identify when new internal applications are introduced and used in your environment, even in different business units. Knowing what's running helps you manage security risk more effectively.