Corelight

Open NDR platform built on the open-source Zeek network monitoring framework

ToolNetwork Detection & ResponseOpen SourceCloudSelf-hosted

Pricing: Contact for pricing

Updated June 2026.

What is Corelight?

Corelight is a network detection and response (NDR) vendor founded in 2013 by the creators of the open-source Zeek framework (formerly Bro). Its Open NDR Platform combines Zeek network evidence with Suricata intrusion detection, YARA file analysis, behavioral analytics, machine learning, and packet capture for threat detection, investigation, and incident response. It is positioned as an open-core product and integrates with SIEM and XDR tools, supporting on-premise appliances, virtual and software sensors, and cloud deployments across AWS, Azure, and GCP. Corelight remains a steward of the Zeek project.

Best for: Teams wanting open, Zeek-based network evidence and forensics
Pros
  • Built on the open-source Zeek standard, producing high-fidelity, well-enriched network logs
  • Combines Zeek evidence with Suricata IDS and packet capture for detection and forensic context
  • Flexible deployment across appliances, virtual sensors, and major cloud providers
Cons
  • Reported learning curve; better suited to larger organizations and experienced SOC teams
  • Alerting reported as limited to Zeek and Suricata detections
  • Total cost can be high when feeding ingest-priced SIEMs, and pricing is not publicly listed

Key Features

Zeek-based network security monitoring and transaction logging
Suricata signature-based intrusion detection
YARA static file analysis
Behavioral analytics with machine learning
Smart PCAP forensic packet capture
Threat intelligence and MITRE ATT&CK coverage
SIEM and XDR integration
Cloud sensors for AWS, Azure, and GCP

Sources & references

Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.

Corelight — official websitePrimary source
Open NDR Platform | Corelight
Official site
Corelight secures $75M Series D | TechCrunch
TechCrunch
Corelight Open NDR Platform Reviews | Gartner Peer Insights
Gartner Peer Insights

Spot an error, or do you represent Corelight? Request a correction.

Quick Info
PricingContact for pricing
ModelOpen source + Enterprise subscription
Founded2013
CloudYes
Self-HostedYes
Open SourceYes
Visit Website →

Last updated: Jun 18, 2026

Corelight Alternatives
View All Alternatives
Darktrace
AI-driven cyber defense using self-learning technology...Vectra AI
AI-powered NDR with Attack Signal Intelligence for hybrid cl...ExtraHop
Cloud-native NDR with line-rate network traffic analysis...Stamus Networks
Suricata-based network detection and response with an open-s...Arista NDR
Agentless, AI-assisted network detection and response for ca...
In the glossary
NDR