Network data for humans.

You don't need more alerts, most of them crying wolf and wasting your time. And you don’t need packet upon packet dumped on you indiscriminately. What you need is a unifying foundation that gives you the right amount of data at the right time, organized into highly actionable logs. We needed it too. That’s why we founded Corelight.

Software

Highlighted features from recent Corelight software releases.

The Core Collection: curated Bro packages for out-of-the box insight.

All Corelight Sensors now come preloaded with the Core Collection, a set of Bro packages curated and certified by Corelight for performance and stability that provide threat detection, data enrichment, and operational insight. Read more about the Core Collection

Detection packages

Cryptomining detection

Generates a notice when Bitcoin or Litecoin mining traffic is detected over TCP or HTTP.

SSL fingerprinting

Creates a hash of every SSL/TLS client negotiation, which can be used for hunting or matched against threat intelligence feeds.

HTTP stalling detection

Detects when a web client executes a resource exhaustion attack on a web server.

Long connections detection

Generates a notice when long running connections occur, providing early visibility into a possible attack in progress.

Port scanning detection

Identifies port scanning behavior involving hosts (horizontal) or ports (vertical) across a variety of protocols.

Data enrichment packages

URL extraction in SMTP

Automatically extracts URLs found in email bodies and appends them to Bro's smtp.log.

POST data capture in HTTP

Extracts POST data sent by a client to a server, and appends it to Bro's http.log.

DNS hostname annotation

Derives hostnames from DNS traffic and automatically appends it to Bro's conn.log.

Operational packages

SSL certificate monitoring

Provides visibility into local X.509 certificates seen over SSL/TLS that have expired or will expire soon.

Traffic shunting

Enables the conservation of sensor processing bandwidth and/or SIEM data costs by shunting unwanted traffic flows at the NIC.

Support for the Bro Intelligence Framework.

Expand the power of Corelight Sensors:

Match known indicators of compromise to your network traffic
Easy integration with intel feeds like Anomali and ThreatConnect
Flag IPs, URLs, emails, hashes and more

Bro, with a snappy UI.

15 minute Bro deployment with a modern web app so you don't need knowledge of command-line configuration

At-a-glance status of your Corelight Sensor inputs and exporters
Dashboard with status and key metrics like interfaces, log rates and ports
Monitor key sensor health metrics like memory and CPU usage and system temperature
LDAP integration

Handle large "elephant flows" like massive datasets transferred over science DMZs with flow shunting.

The Sensor removes elephant flows from its processing jobs, extracting only the key information, which allows you to save on data processing costs and scale your Sensor beyond 25 Gbps.

Flow shunting (AP 3000 only)

Implementation via custom Bro scripts
Runs in the Corelight NIC for high performance
Implementation assistance available from Corelight

Deploying a Bro network monitoring sensor has never been faster or easier.

Click to configure

Details

Data input options

Where is the data coming from?

Export targets

Where do you want the Bro logs to go? (like Kafka, Amazon S3, Splunk, JSON, Syslog and which logs to include / exclude)

Log forking & filtering

Send full logs to storage and send separate, filtered stream to SIEM to save on processing costs.

Bro packages

Which Corelight or custom Bro packages do you want to run?

File extraction export

Set parameters and file destinations.

Corelight Sensors make running and managing Bro simple and smooth.

Reporting

Set up performance reporting options for your Corelight Sensor.

Management

Update and maintain your Corelight Sensors from the GUI.

Automatic software updates

Phone home capability to ensure your Sensor is always up to date. Comprehensive API.

Optimized file extraction

Control which files are automatically extracted from network traffic and saved for later forensic analysis.

Custom scripts

Corelight Sensors support custom scripts. Add capabilities from existing scripts in GitHub or write your own to meet the needs of your organization.