Corelight is the most powerful network visibility solution for information security professionals. It provides real-time data that organizations use to understand, detect, and prevent cyber attacks. Corelight puts you in position to see your network like no one else can. Built from the bottom up for security operators, our data captures over 50 protocols for extraordinary breadth and vital detail across your entire environment.
Corelight makes powerful network security monitoring (NSM) solutions that transform network traffic into rich logs, extracted files, and security insights, helping security teams achieve more effective incident response, threat hunting, and forensics. Corelight Sensors run on Zeek (formerly called “Bro”), the open-source NSM tool used by thousands of organizations worldwide.            

Appliance Sensors

Enterprise-grade Zeek sensors in a hardware form factor.

Product Portfolio

Corelight AP 3000 Sensor

High-throughput network insight
The AP 3000 reliably scales Zeek and Suricata to deliver high-fidelity
network data to your analytics pipeline

The Corelight AP 3000 Sensor is Corelight's most powerful appliance, designed to monitor network speeds up to 25 Gbps. 
Simple to deploy and integrate with existing analysis tools, the AP 3000 transforms 25+ Gbps of network traffic into rich, interlinked Zeek data with embedded Suricata alerts for incident response, intrusion detection, forensics and more. 

Corelight AP 1001 Sensor

Visibility made simply elegant
The Corelight AP 1001 Sensor gives your SOC comprehensive,
actionable insights into your network with high-fidelity,
structured data.

The Corelight Sensor AP 1001 handles monitoring of high bandwidth links with ease and deploys in minutes.
Simple to deploy and integrate with existing analysis tools, the AP 1001 transforms up to 10 Gbps of network traffic into rich, interlinked Zeek data with embedded Suricata alerts for incident response, intrusion detection, forensics and more. 

Corelight AP 200 Sensor

Full network visibility in a half-depth sensor
Corelight designed the AP 200 Sensor to deliver Zeek evidence and
Suricata alerts in a compact size that thrives in small server closets or on cramped factory floors.

The Corelight AP 200 Sensor is ideal for branch offices or high value enclaves that need comprehensive network monitoring.
Simple to deploy and integrate with existing analysis tools, the AP 200 transforms up to 2 Gbps of network traffic into rich, interlinked Zeek data with embedded Suricata alerts for incident response, intrusion detection, forensics and more.

Software Sensors

Easily deploy Zeek natively on any Linux platform or within containers via a lightweight software binary.

Product Portfolio

Corelight Software Sensor

Extraordinary network insight, anywhere
Corelight's new Software Sensor was created for maximum versatility. It goes where our physical sensors can't, such as containers and customer-provided hardware.
 
The Corelight Software Sensor is our most flexible offering, enabling you to get Zeek data where Corelight physical sensors can’t be deployed.
The Software Sensor transforms network traffic into high-fidelity data for incident response, intrusion detection, forensics and more. 

Cloud Sensors

Available for AWS, Microsoft Azure, and Google Cloud Platform, our Cloud Sensors package enterprise Zeek at speeds up to 8 Gbps.

Product Portfolio

Cloud Sensor for AWS

Comprehensive network security monitoring in the AWS cloud
The creators of Zeek (formerly known as Bro) designed the Corelight Cloud Sensor to transform Amazon VPC traffic into rich logs, extracted files, and custom insights that accelerate incident response and unlock new threat hunting capabilities. 
 

Cloud Sensor for Azure

Comprehensive monitoring in Azure
The creators of Zeek designed the Corelight Cloud Sensor to transform Microsoft Azure traffic into rich logs, extracted files, and custom insights to accelerate incident response and unlock new threat hunting capabilities.

Cloud Sensor for GCP

Comprehensive network insight in Google Cloud
The creators of Zeek designed the Corelight Cloud Sensor to transform GCP traffic into rich logs, extracted files, and custom insights that accelerate incident response and unlock new threat hunting capabilities

Virtual Sensors

Most flexible Zeek enterprise sensors, the Corelight Virtual Sensors are designed to monitor traffic anywhere at speeds up to 8 Gbps.

Product Portfolio

Virtual Sensor for Hyper-V

Flexible traffic visibility in a virtual form factor
The Corelight Virtual Sensor for Hyper-V is designed to go wherever you need it, analyzing network traffic at speeds of up to 8 Gbps.

The Corelight Virtual Sensor is designed to monitor traffic anywhere at speeds up to 8 Gbps using scalable configurations for Hyper-V.

Virtual Sensor for Vmware

Flexible traffic visibility in a virtual form factor
The Corelight Virtual Sensor for VMware is designed to go wherever you need it, analyzing network traffic at speeds of up to 8 Gbps.

The Corelight Virtual Sensor is designed to monitor traffic anywhere at speeds up to 8 Gbps using scalable configurations for VMware.