Corelight announces open NDR platform by integrating Zeek and Suricata
2020-06-18 01:00

Corelight has integrated two powerful open-source projects, Zeek and Suricata, into a seamless solution that enables rapid pivoting from Suricata alerts into the rich network metadata extracted by Zeek.

"The power of deep integration between Zeek and Suricata is significant. Incident responders often deal with hundreds of Suricata alerts, but making sense of them quickly is challenging," said Brian Dye, chief product officer at Corelight.

Corelight's new integrated Suricata log includes the Unique ID familiar to Zeek users, which means an analyst can pivot directly from a Suricata alert into any of the Zeek logs to leverage powerful evidence about email, web traffic, SSL, DHCP, DNS and dozens of other data types inherent to Zeek.

"Our integration of Zeek with Suricata is the natural progression toward a truly open NDR platform for customers."

"The Open Information Security Foundation is excited to welcome Corelight into the Consortium. Corelight and Zeek are long-time and respected members of the Suricata community, and we are thrilled to be part of this exciting new solution in the network defender's arsenal," said Dr. Kelley Misata, president and executive director of OISF.

Seamless integration of Suricata into the Corelight AP 3000 Sensor makes it possible for sophisticated security teams to rely on a single data source for unlocking advanced analysis capabilities in an easy-to-deploy form factor.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/1Kv_QB_mMrI/