amasol

The network is the truth. Open NDR. Real evidence.

Corelight provides industry-leading network detection and response (NDR) solutions powered by open-source Zeek® and Suricata®. The platform turns network data into definitive evidence, powering AI-driven detection and expert-authored workflows, and enabling the AI SOC ecosystem.

Advanced threats move fast. Corelight moves faster.

Corelight is the leader in Open Network Detection and Response (NDR). It is engineered to provide the ground truth for Security Operations Center (SOC) teams. While traditional tools rely on fragmented logs, Corelight interrogates the network in real time, transforming raw and messy packets into a forensic-grade record of network activity across on-premises, cloud, and hybrid environments. This creates a single source of truth that attackers cannot alter. What sets Corelight apart is its open-source heritage fused with enterprise-grade performance. By leveraging a passive, out-of-band approach, Corelight captures a copy of your raw traffic without ever impacting your network performance. By fusing signature-based Intrusion Detection System (IDS) alerts from Suricata® with Zeek®'s rich network evidence, Corelight delivers an unmatched NDR experience. It eliminates manual log stitching through its Unique ID (UID) system. This dramatically reduces alert noise and lowers the Mean Time to Respond (MTTR) to a speed that matches the urgency of today's landscape.

Key benefits

Unmatched Network Visibility

Monitor east-west and north-south traffic across hybrid environments

Open-Source Power

Built on trusted Zeek® and Suricata® frameworks for transparency and extensibility

Accelerated Threat Detection

Identify and respond to sophisticated attacks faster

Open NDR

Open NDR combines dynamic network detections, AI, intrusion detection system (IDS), network security monitoring (NSM), threat intelligence, static file analysis, and packet capture (PCAP) in a single security tool that's powered by proprietary technology and the open-source technologies Zeek®, Suricata®, and YARA.

Analytics & detection

Illuminate and disrupt attacks hidden in your network. Receive unmatched visibility and precision-crafted detections to catch evasive threats. Backed by AI and workflow automation, you move from alert to action, faster.

MITRE ATT&CK®

Uncover over 80 techniques, with exceptional visibility into adversary methods used for defense evasion, credential access, discovery, and command and control.

Corelight at its core

Start with the right telemetry

Zeek® is the gold standard for network monitoring, with over 10,000 deployments. It doesn't just collect data, it interrogates the network. This transforms raw packets into contextualized logs, which is the network evidence required for modern defense. Every log is linked by a unique ID (UID), providing the interconnected evidence required for rapid modern defense.

Correlate alerts & packets into evidence

Corelight fuses signature-based Intrusion Detection System (IDS) alerts from Suricata® with Zeek® network evidence. This correlated package is then delivered to your Security Information and Event Management (SIEM) or Extended Detection and Response (XDR) platform for remediation.

Apply the right detection approach per threat

Leverage artificial intelligence, machine learning, behavioral analytics, and other signatures to lower false positives and accelerate detection engineering response time.

Automate core SOC capabilities

Corelight's open-core approach and broad integration strategy allow you to easily integrate Corelight data into existing SIEM, XDR, and Security Orchestration, Automation, and Response (SOAR) solutions.

Benefits of Open NDR

Network visibility

Fortify EDR with NDR to reach 100% network visibility, effectively eliminating blind spots in Domain Name System (DNS), Operational Technology (OT), and encrypted traffic. This comprehensive coverage provides early visibility into adversary activity, allowing you to disrupt attacks with deep network insight.

Detections

Immediately improve network coverage with Open NDR’s 70,000+ out-of-the-box signatures, behavioral, AI, and other detections that identify over 80 ATT&CK TTPs. Then, add your own custom detections or novel innovations from open-source contributors.

Incident response

Open NDR provides essential context via AI and links alerts to network data, together with automation tools that amplify real issues and reduce noise.

Toolset consolidation

Drive 4:1 tool consolidation by unifying metadata, files, IDS, and PCAP to power comprehensive threat detection coverage, all in a single platform.

The Open NDR promise

What is Open NDR?

Network detection and response (NDR) is a cybersecurity technology that continuously monitors network traffic from physical and cloud-based environments. NDR solutions include extended visibility, enriched network data, detection, threat hunting, forensics, and response capabilities. These solutions are often delivered as a combination of physical, virtual, software, and cloud appliances. It enables security teams to more quickly detect adversary activity and respond to security incidents.

The “Open” approach to NDR builds on this foundation using transparent, community-driven technologies like Zeek®, Suricata®, and Sigma, enhanced with artificial intelligence. Unlike proprietary NDR platforms, Open NDR gives teams complete control over their data and detections, allowing them to customize threat detection for their unique environment, filter alerts without vendor constraints, and integrate seamlessly with existing tools like CrowdStrike Falcon or Splunk. Because data remains fully portable and standards-based, organizations avoid vendor lock-in while enabling faster threat hunting and forensics.

How Open NDR works

Control

With no vendor lock-in to proprietary toolsets, you own your data, which ensures that solutions can be modified to exact specifications. This independence allows you to maintain customization and detection privacy from vendors, providing a foundation of full control over your security architecture.

Compatibility

Open NDR is compatible with leading SIEMs, XDR systems, data lakes, and other platforms. This flexibility is further supported by an ecosystem of additional third-party and free open-source services and solutions. Ensure seamless integration across your entire stack.

Community

Community-driven development of new research, detections, and innovations enables a fast response to new threats from a wider mindshare. This is bolstered by a broad support network from open-source communities, not to mention the vast amount of educational content and training.

Confidence

Highly peer-reviewed software can improve security and reduce vulnerability risk. AI-enhanced threat hunting assists your team against complex adversaries. These capabilities are tested in real customer environments and built on the design patterns of the world's elite defenders.

MITRE ATT&CK®

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

While the MITRE framework provides the “what” and the “why” of cyberattacks, Corelight provides the “how”. After providing your SOC team with evidence-based context through Zeek® logs, Corelight illuminates network blind spots by catching critical moves like C2 and exfiltration that occur entirely on the network.

Explore the map of Corelight’s MITRE ATT&CK® coverage.

Work faster

with native CIM and data model integration for Splunk Enterprise Security and Splunk SOAR.

Complete coverage

Get true XDR capability with CrowdStrike + Corelight for the best depth and breadth.

Threat hunting

From device discovery to threat hunting, fuel Microsoft Defender for IoT and Sentinel with Corelight.

Cloud coverage

Improve visibility, unlock threat hunting, and disrupt attacks in the cloud with Corelight's Cloud Sensor for AWS.

Open NDR integrates with the tools you already use

Open NDR capabilities

AI-powered SOC

AI is only as smart as the data you feed it. Corelight data is open, transparent, and explainable. This fuels detections that stop evasive threats, reducing triage time and enabling agentic AI throughout the SOC. Corelight leverages diverse ML techniques for its multi-layered threat detection, incorporating both traditional models and advanced deep learning models such as CNNs, RNNs, and recommender systems like NCF.

Network monitoring with Zeek®

Zeek® transforms network traffic into compact, high-fidelity transaction logs. This allows defenders to understand activity, detect attacks, and respond to them in a timely manner. Zeek® gathers metadata and extracted files, and formats everything for input into any SIEM or XDR.

Intrusion detection with Suricata®

Corelight integrates high-performance, signature-based alerts with rich network context to lower response times and clarify attack impact. With deep integration, you can accelerate identification, risk assessment, containment, and closure.

Static file analysis with YARA

Corelight Open NDR integrates file analysis powered by YARA to provide pattern-based detection and rapidly analyze large volumes of files, facilitating the identification of malware.

Threat intelligence

A constant stream of low-quality alerts creates significant alert fatigue. Corelight uplevels your threat detection workflow by combining CrowdStrike's premium intelligence with Corelight's high-fidelity network evidence. This greatly improves identification of known and unknown threats while reducing manual effort and streamlining operations.

Forensics with smart PCAP

Corelight links Zeek® logs, detections, and extracted files to only the packets you need for investigations. Security teams can quickly pivot from alerts to PCAP files with one-click retrieval via SIEM or investigator.

