Corelight Features

Diagnose and resolve incidents without the need for human interaction.

Guide users through the resolution process and give specific instructions to remedy individual occurrences.

Cuts off network connection or temporarily inactivate applications until incidents are remedied.

Gathers information related to threats in order to gain further information on remedies.

Based on 10 Corelight reviews. Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Integrates additional security tools to automate security and incident response processes.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly

Information on each incident is stored in databases for user reference and analytics.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Analyzes recurring incidents and remedies to ensure optimal resource usage.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Adminstrators can access and organize data related to incidents to produce reports or make data more navigable.

Administrators can organize workflows to guide remedies to specific situations incident types.

Sets a standard performance baseline by which to compare live network activity.

Charts or graphs live and historical network performance for quick status checking and analysis.

Gives insights into which specific network paths are performing suboptimally.

Documents the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Keeps records of each network asset and its activity. Discovers new assets accessing the network.

Provides security information and stores the data in a secure repository for reference.

Alerts users of incidents and allows users to intervene manually or triggers an automated response.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Documents cases of abnormal activity and compromised systems.

Information on each incident is stored in databases for user reference and analytics.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Stores information related to common threats and how to resolve them once incidents occur.

Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.

Allows users to customize analytics with granulized metrics that are pertinent to your specific resources.

Allows users to search databases and incident logs to gain insights on vulnerabilities and incidents.

Provides risk scoring for suspicious activity, vulnerabilities, and other threats.

Provides tools for managing authentication credentials such as keys and passwords.

Analyzes data associated with security configurations and infrastructure to provide vulnerability insights and best practices.

Monitors configuration rule sets and policy enforcement measures and document changes to maintain compliance.

Supports compliance with PII, GDPR, HIPPA, PCI, and other regulatory standards.

Provides a centralized console for administation tasks and unified control.

Application Programming Interface - Specification for how the application communicates with other software. API's typically enable integration of data, logic, objects, etc. with other software applications.

Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

Integrates additional security tools to automate security and incident response processes.

Allows users to track and control activity across cloud services and providers.

Provides image verification features to establish container approval requirements and continuously monitor for policy violations to identify containers with known vulnerabilities, malware, and other threats.

Constantly monitors acivity related to user behavior and compares activity to benchmarked patterns and fraud indicators.

Generate insights across IT systems utilizing event metrics, logging, traces, and metadata.

Scans application and image source code for security flaws without executing it in a live environment

Monitors container activities and detects threats across containers, networks, and cloud service providers.

Protects compute resources across a networks and cloud service providers. Serves as Firewall and prompts additional authentication for suspicious users.

Allows administrative control over network components, mapping, and segmentation.

Detects unauthorized access and use of privileged systems.

Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Provides multiple techniques and information sources to alert users of malware occurrences.

As reported in 10 Corelight reviews. Provides monitoring capabilities for multiple networks at once.

Detect new assets as they enter a network and add them to asset inventory.

As reported in 11 Corelight reviews. Constantly monitors activity related to user behavior and compares activity to benchmarked patterns

Continuously monitors network performance across the entire span of a network.

Sends alerts via pop-up notifications, texts, emails, or calls regarding network issues or failures.

Suggests potential remedies or improvements to slowdowns, errors, or failures.

Provides monitoring capabilities for multiple networks at once.

Provides monitoring capabilities for multiple networks at once.

Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.

Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks.

Provides features to allow scaling for large organizations.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.

Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Facilitates the decryption of files and data stored using cryptographic algorithms.

Indexes metadata descriptions for easier searching and enhanced insights

Facilitates Artificial Intelligence (AI) or Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Identifies potentially malicious files and applications for threats files and applications for abnormalities and threats.

Analyzes infortmation from a computer or other endpoint's memory dump for information removed from hard drive.

Identifies recently accessed files and applications for abnormalities and threats.

Parses and/or extracts emails and associated content for malware, phishing, other data that can be used in investigations.

Allows for parsing and/or extraction of artifacts native to Linux OS including but not limited to system logs, SSH activity, and user accounts.

Produces reports detailing trends and vulnerabilities related to their network and infrastructur

Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks. This feature was mentioned in 13 Corelight reviews.

As reported in 12 Corelight reviews. Facilitates Artificial Intelligence (AI) such as Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.

Indexes metadata descriptions for easier searching and enhanced insight

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Provides relevant and helpful suggestions for vulnerability remediation upon detection.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Tracks infrastructure resource needs and alerts administrators or automatically scales usage to minimize waste.

Monitors performance and statistics related to memory, caches and connections.

Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Actively monitors status of work stations either on-premise or remote.

Monitors data quality and send alerts based on violations or misuse.

Identifies potential network security risks, vulnerabilities, and compliance impacts.

Creates reports outlining log activity and relevant metrics.

Performs risk and security gap assessments for connected assets.

Assists with authentication and authorization of connected assets.

Provides general protection against device threats, such as firewall and antivirus tools.

Monitors device behaviors to identify abnormal events.

Responds to suspicious activity related to IoT devices. This may include actions such as threat containment and eradication as well as device recovery.

Provides security measures for IoT networks and gateways.

Automatically sends over-the-air (OTA) security updates to connected devices.

Sends timely security notifications to users in-app or through email, text message or otherwise.

Has a centralized dashboard for users to interact with.

Integrates with existing IoT hardware.

Is consistently available (uptime) and allows users to complete tasks reliably.

Provides pre-built or customizable performance reports.

Condenses long documents or text into a brief summary.

Allows users to generate text based on a text prompt.

Condenses long documents or text into a brief summary.

Allows users to generate text based on a text prompt.

Condenses long documents or text into a brief summary.

Offers full observability of all network environments, including on-premises, cloud, SD-WAN, WLAN, and edge computing.

Automatically detects and maps all network devices and architectures, reducing manual effort and improving visibility.

Provides true real-time network monitoring to detect and resolve issues instantly, rather than relying on near-time data.

Uses AI-driven analysis of historical and real-time data to forecast network issues before they impact performance.

Combines packet and flow analysis techniques to provide a comprehensive view of network traffic and performance.

Ensures all monitored network data is securely encrypted both in transit and at rest.

Supports integration with Zero Trust frameworks and identity management solutions to enhance network security.

Unifies network performance monitoring with security intelligence to identify and mitigate threats in real-time.

Continuously analyzes and adjusts network configurations to optimize performance and reliability.

Automates routine network monitoring tasks, reducing operational overhead and human error.

Uses machine learning to identify network anomalies, preventing security and performance issues before they escalate.

Automates corrective actions for common network issues, reducing downtime and manual intervention.

Leverages AI to anticipate hardware failures, capacity issues, and performance bottlenecks before they occur.

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Anticipates needs and offers suggestions without prompting

Capability to perform complex tasks without constant human input

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Works across multiple software systems or databases

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Works across multiple software systems or databases

Improves performance based on feedback and experience

Engages in human-like conversation for task delegation

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Offers managed network detection and response services.

Offers managed detection and response services.