Corelight Extends Open NDR Platform with New Software Sensor, Expands Security Visibility and Advanced Event Analysis Across Hybrid, Multi-Cloud Environments

San Francisco, Calif.—Oct. 21, 2020—Corelight, provider of the industry’s first open network detection and response (NDR) platform, today released new capabilities that provide users with greater network security visibility and the ability to support advanced threat analysis across their entire environment, from physical to cloud. Corelight’s new Software Sensor and Corelight Cloud Sensor for Google Cloud Platform (GCP) deliver comprehensive security insights into network traffic on any platform.

“Organizations today are faced with the challenge of limited visibility across distributed locations, or they have built their network infrastructure in the cloud using Google Cloud or other platform providers,” said Vijit Nair, senior director of product management for Corelight. “With the Corelight Software Sensor and Corelight Cloud Sensor for GCP, customers can now confidently normalize their network visibility across all platforms and truly benefit from Corelight ‘anytime, anywhere.’”

The Corelight Software Sensor is a lightweight standalone application that can be deployed on any Linux platform, in containers or in the cloud, and is suitable for remote branch offices or low-bandwidth sites. In addition, the Corelight Software Sensor integrates easily with, and provides streaming log support for, Kafka, JSON, Splunk, Redis, and syslog.

The Corelight Cloud Sensor for GCP brings high-performance Zeek monitoring to the cloud, making it possible to ingest traffic directly from GCP Packet Mirroring for compute or Kubernetes instances, or from third-party agents. In addition, the Corelight Cloud Sensor for AWS is now available for deployment with AWS GovCloud, making it compliant with US government security standards for federal agencies and other government organizations.

Today’s launch also extends Suricata integration across the full portfolio of physical Corelight sensors. Initially made available only on the Corelight AP 3000, Suricata support is now available to customers using the Corelight AP 200 and Corelight AP 1001. This ensures that more organizations will benefit from native Zeek and Suricata integration, resulting in superior combined performance, fused datasets for faster investigations and simplified data export controls.

“We are thrilled to extend Suricata support across the full portfolio of Corelight sensors,” said Sarah Banks, senior director of product management for Corelight. “The combined power of Zeek and Suricata means that security teams can turn discoveries into automated threat detections, saving them time and ensuring identification of real threats in real time.”


The Corelight Software Sensor and Corelight Cloud Sensor for GCP are now available for purchase. Corelight software version 20 is also now available to customers. A new two-port 10G management NIC will ship on all Corelight AP 1001 and 3000 sensors and is now available as an add-on purchase for existing customers. More information on each of today’s enhancements can be found in the product section of Corelight’s website.

About Corelight

Corelight gives defenders unparalleled insight into networks to help them protect the world’s most critical organizations and companies. Based in San Francisco, Corelight is an open-core company founded by the creators of Zeek, the widely used NSM tool. Corelight’s global customers include Fortune 500 companies, major government agencies, and large research universities. Corelight is based in San Francisco, Calif. For more information, visit or follow @corelight_inc