Corelight from PointWire

Who is Corelight and what do they do?


At Corelight, they believe the best approach to cybersecurity risk starts with network evidence. This evidence helps elite defenders increase visibility, unlock powerful analytics, accelerate investigations, and level up threat hunting. Their Open Network Detection and Response Platform is the fastest-growing in the industry, and the only one powered by open source. They protect some of the most sensitive, mission-critical enterprises and government agencies in the world. Corelighters are proud of their diverse backgrounds and thought, and they’re united by their strong shared culture and the values they live by every day.


Elite defenders recognize that alerts can—and will—be missed. They know that an evidence-first strategy is their best opportunity to catch advanced adversaries in the act.


Cyber risk is an inevitable part of any organization's security posture. Uncertainty makes this risk even harder to deal with. That's why the most sophisticated defenders adopt an evidence-based approach to network security.

Why choose Corelight?

How To Defend With Evidence?

Complete Visibility

Gain a commanding view of your organization and all devices that log onto your network—with access to details such as SSH inferences, DNS query/response, file hashes, TLS connection details, and HTTP content.

Next Level Analytics

Machine learning—fueled with network evidence—delivers powerful insights so you can focus on the most critical detections. Corelight’s high-fidelity, correlated telemetry powers analytics, machine learning tools, and SOAR playbooks, improving efficiency and unlocking new capabilities so that you can make better decisions—faster.

Faster Investigation

Correlate alerts, evidence, and packets so you can establish baseline network activity and integrate that context directly into your existing workflows. Reduce false positives and your alert backlog—with no redesign or retraining necessary. You get a full view of every incident so you can validate containment and remediation.

Expert Hunting

Rich, organized, and security-specific evidence enables you to spot vulnerabilities, intruder artifacts, critical misconfigurations, signs of compromise and undetected attacks, further mitigating risk.

What type of evidence can Corelight help provide?

Zeek Metadata

Encrypted Traffic Insight

Applications Identification

Extracted Files

Selective PCAP

Find out more about Threat Hunting

Looking to get started with Corelight?