Corelight provides industry-leading network detection and response (NDR) solutions powered by open-source Zeek® and Suricata®. The platform turns network data into definitive evidence, powering AI-driven detection and expert-authored workflows, and enabling the AI SOC ecosystem.
Corelight is the leader in Open Network Detection and Response (NDR), engineered to provide ground truth for Security Operations Center (SOC) teams. While traditional tools rely on fragmented logs, Corelight interrogates the network in real time, transforming raw packets into a forensic-grade record of network activity across on-premises, cloud, and hybrid environments. Because that record is built from a passive copy of the traffic rather than from logs on the hosts, it is a single source of truth that an attacker who controls an endpoint cannot alter. What sets Corelight apart is its open-source heritage fused with enterprise-grade performance. Using a passive, out-of-band approach, Corelight captures a copy of your raw traffic without ever impacting network performance. By fusing signature-based Intrusion Detection System (IDS) alerts from Suricata® with Zeek®'s rich network evidence, Corelight delivers an unmatched NDR experience and eliminates manual log stitching through the Unique ID (UID) system, under which every log entry for a connection shares one identifier. This dramatically reduces alert noise and lowers Mean Time to Respond (MTTR) to a speed that matches the urgency of today's threat landscape.
Monitor east-west and north-south traffic across hybrid environments
Built on trusted Zeek® and Suricata® frameworks for transparency and extensibility
Identify and respond to sophisticated attacks faster
Open NDR combines dynamic network detections, AI, Intrusion Detection System (IDS) alerts, network security monitoring (NSM), threat intelligence, static file analysis, and packet capture (PCAP) in a single security tool, powered by proprietary technology together with the open-source projects Zeek®, Suricata®, and YARA.
Illuminate and disrupt attacks hidden in your network. Gain unmatched visibility and precision-crafted detections that catch evasive threats. Backed by AI and workflow automation, you move from alert to action faster.
Uncover over 80 ATT&CK techniques, with exceptional visibility into the adversary methods used for defense evasion, credential access, discovery, and command and control.
Zeek® is the gold standard for network monitoring, with over 10,000 deployments. It doesn't just collect data, it interrogates the network, transforming raw packets into contextualized transaction logs: the network evidence modern defense requires. Every log entry for a connection carries the same unique ID (UID), so the conn, DNS, HTTP, and file records for one session can be joined directly, providing the interconnected evidence required for rapid response.
Corelight fuses signature-based Intrusion Detection System (IDS) alerts from Suricata® with Zeek® network evidence. This correlated package is then delivered to your Security Information and Event Management (SIEM) or Extended Detection and Response (XDR) platform for investigation and remediation.
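The two paragraphs above describe the core mechanic: a Suricata alert identifies a connection by its 5-tuple, Zeek's conn.log maps that 5-tuple to a UID, and every other Zeek record for the session (http.log, dns.log, files.log) carries the same UID. The script below is an added illustration of that join and is not Corelight's or Zeek's own code. It assumes Zeek logs exported as JSON with a `_path` field naming the log, and Suricata EVE JSON for the alerts; all log lines and signature IDs are constructed for the example. It also handles the caveat a practitioner hits first: Suricata reports an alert's src/dest in the direction of the packet that matched, so a rule firing on the server's reply has the tuple reversed relative to Zeek's originator/responder key.

```python
import json
from collections import defaultdict

# Constructed Zeek JSON records (not real traffic). Each line carries the log
# name in "_path" (assumed export format); every record for one connection
# shares the Zeek uid, while files.log points back to its connection via conn_uids.
ZEEK_JSON = """
{"_path":"conn","ts":1696000000.10,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5","id.orig_p":49152,"id.resp_h":"203.0.113.7","id.resp_p":80,"proto":"tcp","service":"http","orig_bytes":310,"resp_bytes":21504}
{"_path":"http","ts":1696000000.12,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"10.0.0.5","id.orig_p":49152,"id.resp_h":"203.0.113.7","id.resp_p":80,"method":"GET","host":"203.0.113.7","uri":"/update.exe","status_code":200,"resp_fuids":["FkZ3a91Xq7KpLm2"]}
{"_path":"files","ts":1696000000.13,"fuid":"FkZ3a91Xq7KpLm2","conn_uids":["CHhAvVGS1DHFjwGM9"],"mime_type":"application/x-dosexec","total_bytes":21000,"md5":"0123456789abcdef0123456789abcdef"}
{"_path":"conn","ts":1696000001.00,"uid":"C9Qp2n3LmXkT7aB1","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp","service":"dns","orig_bytes":40,"resp_bytes":120}
{"_path":"dns","ts":1696000001.00,"uid":"C9Qp2n3LmXkT7aB1","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"10.0.0.53","id.resp_p":53,"query":"example.test","qtype_name":"A","answers":["203.0.113.7"]}
"""

# Constructed Suricata EVE events. Alert 1 fired on the client's request, alert 2
# on the server's response (src/dest swapped), alert 3 has no matching Zeek
# connection. Signature IDs are in the local-rule range and invented.
SURICATA_EVE = """
{"timestamp":"2023-09-29T15:06:40.120000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL HTTP request for .exe (constructed)","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2023-09-29T15:06:40.130000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":80,"dest_ip":"10.0.0.5","dest_port":49152,"proto":"TCP","alert":{"signature_id":1000002,"rev":1,"signature":"LOCAL PE file served over HTTP (constructed)","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2023-09-29T15:06:41.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"10.0.0.53","dest_port":53,"proto":"UDP"}
{"timestamp":"2023-09-29T15:06:42.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_port":40000,"dest_ip":"198.51.100.2","dest_port":443,"proto":"TCP","alert":{"signature_id":1000003,"rev":1,"signature":"LOCAL TLS to watched host (constructed)","category":"Potentially Bad Traffic","severity":3}}
"""


def five_tuple(proto, src, sport, dst, dport):
    """Normalise a flow key so Zeek ("tcp") and Suricata ("TCP") agree."""
    return (proto.lower(), src, int(sport), dst, int(dport))


def index_zeek(text):
    """Index Zeek records by uid, and conn.log by 5-tuple so an alert can find its uid."""
    by_uid = defaultdict(list)
    conn_by_tuple = {}
    for line in text.strip().splitlines():
        rec = json.loads(line)
        if rec["_path"] == "files":
            # files.log has no uid of its own; attach it to every connection that carried it
            for uid in rec.get("conn_uids", []):
                by_uid[uid].append(rec)
            continue
        by_uid[rec["uid"]].append(rec)
        if rec["_path"] == "conn":
            key = five_tuple(rec["proto"], rec["id.orig_h"], rec["id.orig_p"],
                             rec["id.resp_h"], rec["id.resp_p"])
            conn_by_tuple[key] = rec["uid"]
    return by_uid, conn_by_tuple


def correlate(eve_text, by_uid, conn_by_tuple):
    """Attach all Zeek records sharing the connection uid to each Suricata alert."""
    out = []
    for line in eve_text.strip().splitlines():
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue  # flow/dns/http/stats events carry no signature
        fwd = five_tuple(ev["proto"], ev["src_ip"], ev["src_port"], ev["dest_ip"], ev["dest_port"])
        rev = five_tuple(ev["proto"], ev["dest_ip"], ev["dest_port"], ev["src_ip"], ev["src_port"])
        # Suricata's src/dest follow the matching packet, so a rule that fires on the
        # server's reply must be looked up with the tuple reversed to hit Zeek's key.
        uid = conn_by_tuple.get(fwd) or conn_by_tuple.get(rev)
        evidence = by_uid.get(uid, [])
        out.append({
            "sid": ev["alert"]["signature_id"],
            "signature": ev["alert"]["signature"],
            "uid": uid,  # None means no Zeek connection was seen for this alert
            "zeek_logs": sorted({r["_path"] for r in evidence}),
            "uris": [r["uri"] for r in evidence if r["_path"] == "http"],
            "mime_types": [r["mime_type"] for r in evidence if r["_path"] == "files"],
            "bytes_from_server": sum(r["resp_bytes"] for r in evidence if r["_path"] == "conn"),
        })
    return out


def enriched_alerts():
    """Run the join over the constructed sample data and return one record per alert."""
    by_uid, conn_by_tuple = index_zeek(ZEEK_JSON)
    return correlate(SURICATA_EVE, by_uid, conn_by_tuple)


if __name__ == "__main__":
    for alert in enriched_alerts():
        print(json.dumps(alert))
```

Each output record carries the signature that fired plus the Zeek logs that describe the same connection, which is the "correlated package" a SIEM receives: an analyst sees not just "sid 1000001 fired" but that the session fetched `/update.exe`, that Zeek extracted a PE file from it, and how many bytes came back from the server. An alert whose tuple matches no conn.log entry keeps `uid: None`, which is itself a signal worth alerting on (sensor placement or capture loss).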
Leverage artificial intelligence, machine learning, behavioral analytics, and signatures together to lower false positives and shorten the time from detection engineering to response.
Corelight's open-core approach and broad integration strategy let you easily integrate Corelight data into existing SIEM, XDR, and Security Orchestration, Automation, and Response (SOAR) solutions.
Fortify EDR with NDR to reach 100% network visibility, eliminating blind spots in Domain Name System (DNS) traffic, Operational Technology (OT) networks, and encrypted sessions. This comprehensive coverage provides early visibility into adversary activity, allowing you to disrupt attacks with deep network insight.
Immediately improve network coverage with Open NDR's 70,000+ out-of-the-box signatures plus behavioral, AI, and other detections that identify over 80 ATT&CK techniques. Then add your own custom detections or novel innovations from open-source contributors.
Open NDR provides essential context via AI and links every alert to the underlying network data, together with automation that amplifies real issues and reduces noise.
Drive 4:1 tool consolidation by unifying metadata, files, IDS, and PCAP to power comprehensive threat detection coverage, all in a single platform.
Network detection and response (NDR) is a cybersecurity technology that continuously monitors network traffic from physical and cloud-based environments. NDR solutions include extended visibility, enriched network data, detection, threat hunting, forensics, and response capabilities. These solutions are often delivered as a combination of physical, virtual, software, and cloud appliances. NDR enables security teams to detect adversary activity and respond to security incidents more quickly.
The “Open” approach to NDR builds on this foundation using transparent, community-driven technologies like Zeek®, Suricata®, and Sigma, enhanced with artificial intelligence. Unlike proprietary NDR platforms, Open NDR gives teams complete control over their data and detections, allowing them to customize threat detection for their unique environment, filter alerts without vendor constraints, and integrate seamlessly with existing tools like CrowdStrike Falcon or Splunk. Because data remains fully portable and standards-based, organizations avoid vendor lock-in while enabling faster threat hunting and forensics.
With no lock-in to proprietary toolsets, you own your data and can modify the solution to your exact specifications. This independence lets you keep your customizations and detection logic private from vendors, giving you full control over your security architecture.
Open NDR is compatible with leading SIEMs, XDR systems, data lakes, and other platforms. This flexibility is further supported by an ecosystem of third-party and free open-source services and solutions, ensuring seamless integration across your entire stack.
Community-driven development of new research, detections, and innovations enables a fast response to new threats, drawing on a wider pool of expertise. This is bolstered by the broad support network of open-source communities and by a vast amount of educational content and training.
Widely peer-reviewed software can improve security and reduce vulnerability risk. AI-enhanced threat hunting assists your team against complex adversaries. These capabilities are tested in real customer environments and built on the design patterns of the world's elite defenders.
Detect post-exploitation behavior and threats that evade endpoint controls such as credential access, DNS tunneling, or anomalous SMB usage. See and detect across east-west traffic, unmanaged devices, and encrypted sessions, where EDR often has blind spots.
Targeted detections for high-value threat behaviors like lateral movement, C2 communication, encrypted-traffic misuse, and exfiltration are precise and context-aware, dramatically reducing false positives.
Corelight enriches detections with AI-driven automations, providing evidence-backed summaries, guided triage, and analyst-ready workflows to accelerate investigations. See the "why" behind every threat, so you can validate and investigate faster.
Once the Open NDR platform detects an anomaly, the Analytics & Detections engine immediately starts analyzing the raw evidence through a multi-layered lens of AI and behavioral analytics to separate real threats from background noise. To make these findings actionable, Corelight automatically maps every detection to the MITRE ATT&CK® framework. Your team can respond with surgical precision because Corelight has provided contextualized insight into what the adversary is trying to do and how to stop them.
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
While the MITRE framework provides the “what” and the “why” of cyberattacks, Corelight provides the “how”. By giving your SOC team evidence-based context through Zeek® logs, Corelight illuminates network blind spots, catching critical moves like C2 and exfiltration that occur entirely on the network.
Explore the map of Corelight’s MITRE ATT&CK® coverage.
Integrate with Splunk, with native CIM and data model integration for Splunk Enterprise Security and Splunk SOAR.
Get true XDR capability with CrowdStrike + Corelight for the best depth and breadth.
From device discovery to threat hunting, fuel Microsoft Defender for IoT and Sentinel with Corelight.
Improve visibility, unlock threat hunting, and disrupt attacks in the cloud with Corelight's Cloud Sensor for AWS.
AI is only as smart as the data you feed it. Corelight data is open, transparent, and explainable. This fuels detections that stop evasive threats, reduces triage time, and enables agentic AI throughout the SOC. Corelight leverages diverse ML techniques for its multi-layered threat detection, incorporating both traditional models and advanced deep learning models such as CNNs, RNNs, and recommender systems like NCF.
Zeek® transforms network traffic into compact, high-fidelity transaction logs. This allows defenders to understand activity, detect attacks, and respond to them in a timely manner. Zeek® gathers metadata and extracted files and formats everything for input into any SIEM or XDR.
Corelight integrates high-performance, signature-based alerts with rich network context to lower response times and clarify attack impact. With deep integration, you can accelerate identification, risk assessment, containment, and closure.
Corelight Open NDR integrates file analysis powered by YARA to provide pattern-based detection and rapidly analyze large volumes of files, facilitating the identification of malware.
A constant stream of low-quality alerts creates significant alert fatigue. Corelight up-levels your threat detection workflow by combining CrowdStrike's premium intelligence with Corelight's high-fidelity network evidence. This greatly improves identification of known and unknown threats while reducing manual effort and streamlining operations.
Corelight links Zeek® logs, detections, and extracted files to only the packets you need for investigations. Security teams can quickly pivot from alerts to PCAP files with one-click retrieval via their SIEM or Corelight Investigator.