Corelight was founded by the creators of the open-source Bro project. Bro data is 100x richer than netflow data, 100x smaller than traditional packet capture (PCAP), and, anecdotally, provides 20x faster Digital Forensics and Incident Response (DFIR). Corelight makes Bro enterprise ready.
Corelight also makes deploying sensors easy.
For an overview of Corelight and how it makes the power of open-source Bro enterprise ready and easy for organizations to deploy, see this short overview with Alan Saldich:
For a summary of one of Bro’s many features, see this short discussion of how DNS logs pull the query and its response together into one record for threat hunting:
This is only one of many Bro features, but it shows how easy things can be made for threat hunters.
For more, see Corelight.com
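To make the DNS point concrete, here is an added example (not Corelight's or the Zeek project's code) that reads Bro/Zeek's standard `dns.log` TSV format, where each record already carries both the query and the response fields, and runs two common hunts over it: clients with a high NXDOMAIN ratio, and unusually long or high-entropy query names. The log lines are constructed for the example and are not from a real capture; the thresholds are assumptions to tune per environment.

```python
"""Parse Zeek/Bro dns.log records and run two simple threat hunts over them."""
import math
from collections import defaultdict

# Constructed sample in Zeek's TSV log format (header lines start with '#').
# The '#fields' line names the columns; '-' marks an unset field.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#path\tdns",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\ttrans_id\trtt"
    "\tquery\tqclass\tqclass_name\tqtype\tqtype_name\trcode\trcode_name"
    "\tAA\tTC\tRD\tRA\tZ\tanswers\tTTLs\trejected",
    "1.0\tC1\t10.0.0.5\t51000\t10.0.0.1\t53\tudp\t1\t0.01\texample.com\t1\tC_INTERNET"
    "\t1\tA\t0\tNOERROR\tF\tF\tT\tT\t0\t93.184.216.34\t300.0\tF",
    "2.0\tC2\t10.0.0.7\t51001\t10.0.0.1\t53\tudp\t2\t0.01\txk3jd9q.example.net\t1\tC_INTERNET"
    "\t1\tA\t3\tNXDOMAIN\tF\tF\tT\tT\t0\t-\t-\tF",
    "3.0\tC3\t10.0.0.7\t51002\t10.0.0.1\t53\tudp\t3\t0.01\tp0w2mzt.example.net\t1\tC_INTERNET"
    "\t1\tA\t3\tNXDOMAIN\tF\tF\tT\tT\t0\t-\t-\tF",
    "4.0\tC4\t10.0.0.7\t51003\t10.0.0.1\t53\tudp\t4\t0.01\tqqz81vb.example.net\t1\tC_INTERNET"
    "\t1\tA\t3\tNXDOMAIN\tF\tF\tT\tT\t0\t-\t-\tF",
    "5.0\tC5\t10.0.0.7\t51004\t10.0.0.1\t53\tudp\t5\t0.01\tr7tj2ln.example.net\t1\tC_INTERNET"
    "\t1\tA\t3\tNXDOMAIN\tF\tF\tT\tT\t0\t-\t-\tF",
    "6.0\tC6\t10.0.0.7\t51005\t10.0.0.1\t53\tudp\t6\t0.01\texample.net\t1\tC_INTERNET"
    "\t1\tA\t0\tNOERROR\tF\tF\tT\tT\t0\t192.0.2.10\t60.0\tF",
    "7.0\tC7\t10.0.0.9\t51006\t10.0.0.1\t53\tudp\t7\t0.02"
    "\taGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.tunnel.example.org\t1\tC_INTERNET"
    "\t16\tTXT\t0\tNOERROR\tF\tF\tT\tT\t0\tv=1\t5.0\tF",
])


def parse_dns_log(text):
    """Return a list of dict records from Zeek TSV text, using the '#fields' header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # other metadata lines (#separator, #path, #types, #close)
        if fields is None:
            raise ValueError("data row encountered before #fields header")
        values = line.split("\t")
        # Unset fields are written as '-'; normalise them to None.
        records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records


def nxdomain_ratio_by_client(records, min_queries=3, threshold=0.5):
    """Map each client that sent at least min_queries and whose NXDOMAIN share
    reaches threshold to that share. High shares often indicate DGA beaconing
    or misconfiguration and are worth a closer look."""
    totals, nx = defaultdict(int), defaultdict(int)
    for r in records:
        client = r["id.orig_h"]
        totals[client] += 1
        if r["rcode_name"] == "NXDOMAIN":
            nx[client] += 1
    flagged = {}
    for client, n in totals.items():
        ratio = nx[client] / n
        if n >= min_queries and ratio >= threshold:
            flagged[client] = ratio
    return flagged


def shannon_entropy(s):
    """Bits of entropy per character in s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_queries(records, min_len=40, min_entropy=3.5):
    """Return query names that are very long or whose leftmost label is
    high-entropy, both common signs of DNS tunnelling or encoded data."""
    hits = []
    for r in records:
        q = r.get("query")
        if not q:
            continue
        leftmost = q.split(".")[0]
        if len(q) >= min_len or shannon_entropy(leftmost) >= min_entropy:
            hits.append(q)
    return hits


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    print("records:", len(recs))
    print("high NXDOMAIN ratio:", nxdomain_ratio_by_client(recs))
    print("suspicious queries:", suspicious_queries(recs))
```

Because Zeek writes the query and its response into the same record, the hunts need no join step; the same parser works unchanged on a real `dns.log` read from disk.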
- Pulumi: SaaS multicloud app deployment service
- We love ideas like this: Open-source hardware could defend against the next generation of hacking
- Zeek Is New Name for Bro
- FingBox Gives You Network Superpowers: Network security that contributes to physical security