Corelight Intrusion Detection System is a network security solution that integrates signature-based intrusion detection alerts from Suricata with network evidence collected by Zeek. The system correlates IDS alerts with network context data and packages them together for delivery to SIEM, XDR, or Corelight's Investigator analytics platform. The product assigns a unique key to each alert package, enabling analysts to query and locate related network data within their security tools. This correlation aims to help security teams distinguish between true positives and false positives during alert triage. The system is part of Corelight's Open NDR Platform, which consolidates multiple network and security data sources across cloud, physical, and container deployments. The platform provides capabilities for data enrichment, log filtering, and linking related data sets. Corelight IDS supports deployment across various environments and can process network traffic at high throughput rates up to hundreds of gigabits per second. The system includes data filtering capabilities to reduce noise and optimize SIEM ingestion volumes. Technical Account Managers assist with system tuning and configuration to meet organizational requirements. The solution provides network evidence for incident response workflows including triage, investigation, and remediation activities. It delivers uniform data formats across different deployment types and enables analysis of network sessions, protocol behaviors, and file transfers.