Corelight

Technology Alliance Partner

Devo + Corelight Details

Put more of your Zeek data to work with the Devo and Corelight integration:

  • Improved detections: High-fidelity alerts generated from Corelight logs are automatically enriched to include entity context and threat intelligence to reduce MTTR
  • Faster investigations: Uncover potential threats in Zeek data with visual analytics and the Devo no-code query capability for faster mitigation of threats
    • Analyst-tailored workflow for investigations with Security Operations – triage, investigate, respond
    • Analyze files (e.g. pcap, binaries) using the integrated DFIR toolkit and include the findings directly within the investigation, enabling investigators to centralize deeper evidence in one location
  • More productive hunts: Threat hunt with Corelight data and join it with other key security data sources to gain a complete understanding of IOCs
  • True real-time network visibility

What does Corelight do?

Corelight delivers powerful network traffic analysis (NTA) solutions that help organizations defend themselves more effectively by transforming network traffic into rich logs, extracted files, and security insights. Corelight Sensors are built on Zeek (formerly called “Bro”), the open-source NTA framework that generates actionable, real-time data for thousands of security teams worldwide.

What products/services does Corelight offer?

Corelight runs on Zeek, the powerful, open-source network analysis tool that has become a global standard. Thousands of the world’s most critical organizations use Zeek to generate actionable, real-time data to help defend their networks.

Zeek extracts over 400 fields of data in real time, directly from network traffic. It covers dozens of data types and protocols from Layer 3 to Layer 7, including TCP connections, SSL certificates, HTTP traffic, email, DHCP, and more. Zeek logs are structured and interconnected to support threat hunters and incident responders.

Corelight Sensors, available in physical, cloud, and virtual formats, vastly simplify the challenges of deploying open-source Zeek. They offer excellent performance and combine the capabilities large organizations need with high-end, out-of-band hardware and a specialized version of the open-source Zeek network security monitor.

Need more information?

See how Devo can help you get more value from Corelight's high-fidelity network traffic analysis.