Turn network traffic into security visibility.

Corelight Sensors transform network traffic into rich logs, extracted files, and custom insights via Zeek (formerly known as Bro), a powerful, open-source network security monitor used by thousands of organizations worldwide. Make quick sense of traffic so you can resolve incidents faster and threat hunt more effectively.

aws-webcast icon Watch our webcast to learn how it works in AWS.

Hero-cloud-image
Hero-ap-sensor-image

Compare To Open-Source Zeek

Corelight makes Zeek / Bro quick to deploy, 10x faster, and easier to manage.

Minutes, not months to full-scale Zeek deployment. A beautiful, web GUI, no command-line skills needed. Up to 10x peak analysis throughput per sensor. These are just some of the many advantages Corelight brings to the table to make your Zeek deployment enterprise-grade and significantly more powerful.

Features & Benefits
Open-source Zeek
Flexible and simple data export
Yes
No
Web management UI
Yes
No
Hardware accelerated NIC
Included
Separate purchase required
Analysis throughput, per sensor
Up to 25 Gbps
3-4 Gbps
3rd party integrations
Yes
No
LDAP support
Yes
No
Support for Zeek Intelligence Framework
Yes
Yes
Support for Zeek Input Framework
Yes
Yes
Streaming data export
Yes
No
Shunting of large flows
Yes
Separate NIC purchase required
Optimized file extraction
Yes
No
Filtering to control export volume
Yes
No
Comprehensive API
Yes
No
Performance charts
Yes
No
Geolocation
Yes
No
Encrypted drives
Yes
System implementation required
Zeek logs
Yes
Yes
FIPS Certified
Yes
No
Support for custom scripts and the Zeek Package Manager
Yes
Yes
Preloaded Zeek Scripts / Packages
Corelight Core Collection
No
Support
Commercial support from the creators of Zeek
Community mailing lists
Staff required for deployment
Minimal—appliance model
Zeek experts and systems specialists
Updates and maintenance
Automatic updates, optional real-time monitoring
Manual patching, tuning, and updating required
Time for deployment
Application configuration in minutes
Typically weeks to months
Flexible and simple data export
Yes
Open-Source Zeek / Bro
No
Web management UI
Yes
Open-Source Zeek / Bro
No
Hardware accelerated NIC
Included
Open-Source Zeek / Bro
Separate purchase required
Analysis throughput, per sensor
Up to 25 Gbps
Open-Source Zeek / Bro
3-4 Gbps
3rd party integrations
Yes
Open-Source Zeek / Bro
No
LDAP support
Yes
Open-Source Zeek / Bro
No
Support for Zeek Intelligence Framework
Yes
Open-Source Zeek / Bro
Yes
Support for Zeek Input Framework
Yes
Open-Source Zeek / Bro
Yes
Streaming data export
Yes
Open-Source Zeek / Bro
No
Shunting of large flows
Yes
Open-Source Zeek / Bro
Separate NIC purchase required
Optimized file extraction
Yes
Open-Source Zeek / Bro
No
Filtering to control export volume
Yes
Open-Source Zeek / Bro
No
Comprehensive API
Yes
Open-Source Zeek / Bro
No
Performance charts
Yes
Open-Source Zeek / Bro
No
Geolocation
Yes
Open-Source Zeek / Bro
No
Encrypted drives
Yes
Open-Source Zeek / Bro
System implementation required
Zeek logs
Yes
Open-Source Zeek / Bro
Yes
FIPS Certified
Yes
Open-Source Zeek / Bro
No
Support for custom scripts and the Zeek Package Manager
Yes
Open-Source Zeek / Bro
Yes
Preloaded Zeek Scripts / Packages
Corelight Core Collection
Open-Source Zeek / Bro
No
Support
Commercial support from the creators of Zeek
Open-Source Zeek / Bro
Community mailing lists
Staff required for deployment
Minimal—appliance model
Open-Source Zeek / Bro
Zeek experts and systems specialists
Updates and maintenance
Automatic updates, optional real-time monitoring
Open-Source Zeek / Bro
Manual patching, tuning, and updating required
Time for deployment
Application configuration in minutes
Open-Source Zeek / Bro
Typically weeks to months