Corelight AI-powered SOC is a network detection and response platform that combines machine learning-based threat detection with generative AI capabilities for security operations. The platform provides forensic-grade network evidence collection and analysis across on-premise, hybrid, and multi-cloud environments. The solution employs supervised and unsupervised machine learning models, including CNNs, RNNs, and recommender systems like NCF, to detect evasive, novel, and zero-day threats through behavioral and anomaly detection. The ML detections are designed to reduce false positives and minimize manual tuning requirements. The platform includes GenAI-powered workflows for SOC operations, featuring AI assistance for log summaries, response guidance, natural language queries, and chat capabilities. AI triage functionality automates correlation, investigation, verdicts, and findings summaries to reduce mean time to detect and respond. AI investigation features provide automated alert scoring, prioritization, and actionable next steps. Corelight generates structured, context-rich network data based on open-source standards that integrate with SIEMs and AI/ML pipelines. The platform includes a Model Context Protocol (MCP) server for AI orchestration, investigation promptbooks with LLM prompts for automated alert investigation, and analyst assistant promptbooks for day-to-day activities. The solution provides access to network logs, alerts, and detection data through pre-built tools and natural language interfaces, with transparent detailing of investigation steps taken.