Corelight Open NDR Platform Description

Corelight Open NDR Platform is a network detection and response solution that provides network visibility and threat detection capabilities. The platform combines multiple security functions including intrusion detection systems (IDS), network security monitoring (NSM), threat intelligence, static file analysis, and packet capture (PCAP) capabilities. The platform is built on open-source technologies including Zeek for network security monitoring, Suricata for intrusion detection, and YARA for pattern matching. It generates network telemetry data that can be used for security analysis and threat detection.

The solution includes machine learning, behavioral analytics, and signature-based detection methods to identify threats. It correlates alerts with packet data to provide context for security investigations. The platform captures and analyzes network traffic to create evidence that can be used during incident response activities.

Corelight Open NDR is designed to integrate with existing security infrastructure including SIEM, XDR, and SOAR platforms. The platform provides centralized management capabilities for deploying and managing network sensors across distributed environments. The solution aims to provide detection coverage across network environments while reducing false positives through multiple detection approaches. It generates structured network data that security teams can use for threat hunting, incident response, and security operations activities.