Meet Corelight Open NDR
Strengthen your security posture with new detections, high-fidelity alerts, and simplified detections across deployments.
Corelight Open NDR is the industry’s only open core NDR platform that’s powered by open source technologies such as Zeek®, Suricata®, and YARA.
Features & benefits
Here’s a picture of the benefits you’ll get by upgrading to Corelight:
| Sensors | DIY alternative |
|---|---|
| Physical Sensors | DIY hardware purchase/build |
| Virtual Sensors for VMware & Hyper-V | DIY manual configuration |
| Cloud Sensors for AWS, Azure, GCP | |
| Binary Sensors for containers & Linux environments | DIY manual configuration |

| MITRE ATT&CK mapping | DIY alternative |
|---|---|
| Detection mapped to 80+ MITRE ATT&CK techniques for threat emulation and coverage tracking | |

| Detections | DIY alternative |
|---|---|
| Signature-based detections | |
| Behavior-based detections | |
| Behavior baselining with ML | |
| Threat intelligence and IOCs | |
| Search-based detections | |
| Brute-force detections | Manual |

| | DIY alternative |
|---|---|
| Triage History | |
| Asset Fingerprinting | |
| Service Identification | |
| AI Alert Explanation | |
| AI Session and Payload Summary | |
| AI Triage Next Steps | |

| Native integrations | DIY alternative |
|---|---|
| SIEM (Splunk, Google, Microsoft, Elastic, CrowdStrike, and more) | |
| SOAR (Splunk, Microsoft) | |
| Log Management/Streaming (CrowdStrike, Cribl, GrayLog) | |
| EDR/XDR (CrowdStrike, Microsoft, SentinelOne, Sophos/Secureworks, Stellar Cyber) | |
| Log Enrichment (CrowdStrike, Microsoft, SentinelOne) | |
| Vulnerability Management (CrowdStrike, Microsoft, Tenable) | |
| Host/Entity Isolation (CrowdStrike, Microsoft) | |
| Firewall IP Address Isolation (Palo Alto Networks) | |
| Packet Broker (cPacket, Gigamon, Garland, Endace, Keysight, and more) | |

| Performance | DIY alternative |
|---|---|
| 100+ Gbps Zeek per 1U sensor | 3-4 Gbps max per sensor cluster |
| Up to 10 Gbps | |

| Management | DIY alternative |
|---|---|
| Deployed in <15 minutes | Deployment takes weeks to months |
| Web management interface | Command line only |
| Automatic software updates | Manual |
| Fleet management for up to 250 sensors | |
| Comprehensive sensor health monitoring | |
| RESTful API support | |
| 1-click package installation | Manual |

| Data export | DIY alternative |
|---|---|
| Export integration with SIEMs | Manual integration |
| Kafka, syslog, Amazon Kinesis, Apache Avro, SFTP | Writes to files on disk |
| Default log streaming | Manual |
| Log stream forking to multiple destinations | |

| Data control | DIY alternative |
|---|---|
| Data aggregation (50-80% reduction) | |
| Filter by log type and contents | Manual |
| Filter by file type | |
| Traffic shunting for large & long running flows | |

| Security & support | DIY alternative |
|---|---|
| Jailed processes | |
| FIPS 140-2 | |
| Common Criteria | |
| Automatic security updates | |
| Disk encryption | Manual |
| 24/7 enterprise support from Zeek experts | |

| Zeek functionality | DIY alternative |
|---|---|
| Logging | |
| File extraction | |
| Package manager | |
| Zeek Intel Framework | |
| Zeek Input Framework | |
| Zeek NetControl Framework | |
| Zeek Notice Framework | |
| Zeek PCAP Ingestion | |