Open NDR Platform
Corelight

Open NDR Platform by Corelight delivers scalable, open-source network detection and response for advanced cyber threat hunting.

Product details

Overview

Corelight Open NDR Platform is an open-source network detection and response solution designed to provide deep visibility into network traffic. It empowers security teams to detect, investigate, and respond to threats faster by delivering rich network telemetry through Zeek-based sensors. The platform integrates seamlessly with existing security infrastructure and enables scalable deployment across complex environments. It supports rapid threat hunting and forensics by converting raw network data into actionable insights.

Features and Capabilities

  • Open-source network traffic analysis: Uses Zeek (formerly Bro) to provide rich, detailed network metadata.
  • Scalable deployment: Supports large-scale environments with distributed sensor architecture.
  • Comprehensive network visibility: Captures full network context for detailed threat investigation.
  • Integration-ready: Works with SIEM, SOAR, and other security tools for automated workflows.
  • Customizable detection: Enables users to write and deploy custom detection scripts.
  • Rich telemetry export: Supports data export in multiple formats for downstream analysis.
  • Protocol parsing: Deep parsing of a wide range of network protocols to uncover hidden threats.
  • Real-time alerting: Facilitates fast response to suspicious activity with real-time notifications.
  • Active threat hunting: Provides powerful tools for analysts to explore network activity interactively.
  • Community driven: Benefits from continuous updates and improvements by a global open-source community.
  • Flexible sensor deployment: Can be deployed on-premises, in the cloud, or in hybrid infrastructures.
  • Data enrichment: Adds contextual information such as DNS, SSL, and HTTP to network logs for better analysis.