Corelight Overview

Corelight is the #9 ranked solution in Network Traffic Analysis tools. IT Central Station users give Corelight an average rating of 10 out of 10. Corelight is most commonly compared to Darktrace. The professionals researching this solution most often come from computer software companies, accounting for 25% of all views.
What is Corelight?

Corelight is the most powerful network visibility solution for information security professionals. We provide real-time data that organizations use to understand, detect, and prevent cyber attacks. Our solution is built on Zeek, the powerful and widely-used open source monitoring framework.

Buyer's Guide

Download the Network Traffic Analysis (NTA) Buyer's Guide including reviews and more. Updated: November 2021

Corelight Customers

Education First

Pricing Advice

What users are saying about Corelight pricing:
  • "It's a yearly fee and depends on what you are looking for."

Corelight Reviews

José Luis Pozo
Pre Sales Technician at DotForce
Real User
Top 10
A basic component for enriching cyber security analysis

Pros and Cons

  • "Corelight is easy to use."
  • "Machine learning could be a good improvement, but it's very costly."

What is our primary use case?

Corelight is a network traffic analysis product. It is an enterprise solution of Zeek and Suricata. It is deployed mostly with physical sensors, although cloud, virtual and software sensors are available as well. We deploy it for our customers, and MSSP.

How has it helped my organization?

Cyber Security Operators barely need to learn how Corelight works because it is integrated with the SIEM of the company. That's why Corelight is very useful from the very first moment it is deployed. Corelight makes the remediation of cyber attacks much easier. Instead of facing a chaotic amount of logs, Corelight provides correlated metrics that allow pivoting to find, in seconds, all the data related to an alert, detection or asset. It can be used both on-premise and cloud, and it can be easily scaled.

What is most valuable?

Corelight provides insight, visibility and a lot of data. No matter if you need detection for proactive defense or you need data for forensics, Corelight is the primary source of information for cyber security. The deployment is very quick and you are using it from the very beginning.

What needs improvement?

At the beginning I was surprised that it didn't include Machine Learning based detection, but after some months, I understand why. Our SIEM and our SOAR already include Machine Learning detection, and Corelight already makes behavior based detection as well as signature based detection. Everything in Corelight is useful, and adding ML to an NDR would just make it more expensive, and I'm not sure if it would really improve the final result since Corelight sees everything and ML can be used in other solutions.

The last release included Smart PCAP, a tool that makes PCAP storing easier (and more cost-effective).

For how long have I used the solution?

We have been using the product for about four months. The first time I used it was in April '21.

What do I think about the stability of the solution?

Corelight is very stable. It is based on Zeek, a solution that has been used for more than 20 years.

What do I think about the scalability of the solution?

It is a simple procedure to scale the installation.

How are customer service and technical support?

Excellent. They are dedicated to the customer from the first moment.

How was the initial setup?

It is very straightforward to choose one physical sensor because you have a sensor with all the installation pre-installed. It is a very straightforward solution because it has a sensory set already configured. You have to adapt it to integrate with your network, with packet brokers. This is the main step that we have to do to integrate with a network. It's not a complicated process.

What's my experience with pricing, setup cost, and licensing?

It is surprisingly affordable.

Which other solutions did I evaluate?


What other advice do I have?

It depends on the kind of customer, but I would recommend it for most companies that have a SOC. It is instrumental. I would rate this product a 10 out of 10. Corelight, including Zeek (formerly BRO) and Suricata, is well known by most cyber security analysts. For that reason, we have seen that people liked Corelight and Zeek. It adapts perfectly to the day-to-day work for people in security analytics.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Olivier Vaugrenard
Chief Executive Officer at NetMetrix
Reseller
Top 20
Easy to install, good technical support that is responsive, and the IDS works well

Pros and Cons

  • "The most valuable feature is the embedded IDS from Suricata."
  • "In the next release, building a graphical user interface would be helpful."

What is our primary use case?

It is mainly being used for security purposes, and to increase cyber visibility.

What is most valuable?

The most valuable feature is the embedded IDS from Suricata.

What needs improvement?

It's an expensive solution and the price could be reduced.

They don't have a GUI. In the next release, building a graphical user interface would be helpful.

For how long have I used the solution?

I have been using Corelight for a few months.

What do I think about the stability of the solution?

Corelight is a stable solution.

What do I think about the scalability of the solution?

It's a scalable product.

How are customer service and technical support?

Technical support seems to be good. The response is quite good and also the response time is quite good.

How was the initial setup?

The initial setup is pretty easy with respect to installing.

What's my experience with pricing, setup cost, and licensing?

They have a license-based model.

It's a yearly fee and depends on what you are looking for.

It's an expensive product.

What other advice do I have?

I don't have enough visibility in the competition in order to give you an accurate response to what could be improved. We are still new to this solution, so we don't know yet.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller