Corelight Introduces Smart PCAP to Give Security Teams Immediate Access to the Right Network Evidence
August 2021 by Marc Jacob
Corelight, provider of the industry’s leading open network detection and response (NDR) platform, today launched Smart PCAP for its Corelight AP 3000 Sensor. With Smart PCAP, defenders can capture just the packets needed for investigations and retrieve them with a single click from their SIEM.
Smart PCAP is a new licensed feature that offers a cost-effective alternative to full packet capture, delivering weeks to months of packet visibility interlinked with Corelight logs, extracted files, and security insights for fast pivots and investigation. Unlike other solutions that offer selective PCAP capabilities, Corelight Smart PCAP is encryption-aware, tracks protocol activity across ports, and directly integrates with the security gold standard for network evidence, Zeek. With Corelight, analysts can configure and selectively capture packets based on:
Anomalous traffic activity
Corelight began offering Suricata integration with Zeek in its Corelight AP 3000 Sensor in June 2020, and today the company also announced it is extending Suricata-based threat detection to Corelight Virtual Sensors and to AWS, GCP, and Azure environments via the Corelight Cloud Sensor. This unique integration of Corelight’s licensed Suricata feature fuses the resulting alerts with Corelight’s log evidence to simplify investigations and data export to SIEM.
Corelight Smart PCAP and Suricata-based support for Corelight Virtual Sensors and cloud environments are now available in software version 22. More information on today’s news can be found in the products section of the Corelight website.