Corelight Open NDR Platform

Corelight sensors capture network traffic.

AI-driven detection identifies suspicious connections between internal hosts.

Analysts investigate the connections using expert-authored workflows.

Compromised systems are identified and isolated.

Alert from email security solution triggers investigation in Corelight.

Analysts use Corelight to identify network connections originating from the user's device.

Suspicious traffic to command-and-control servers is detected.

Compromised credentials are reset and the user is educated.

Corelight sensors monitor network traffic for large file transfers.

Behavioral analytics identify unusual data transfer patterns.

Analysts investigate the destination of the data and the user involved.

Data exfiltration is stopped and the incident is contained.

Alert from endpoint detection and response (EDR) system triggers investigation in Corelight.

Analysts use Corelight to identify other systems communicating with the infected host.

Network connections to those systems are blocked.

Ransomware is contained and systems are restored from backup.

Security team uses Corelight to analyze network traffic for unusual patterns.

Analysts identify suspicious traffic based on threat intelligence and expert knowledge.

Potential zero-day exploits are investigated and confirmed.

Mitigation measures are implemented to protect the network.