An open-source solution that gave us insight into our clients' network traffic flow
What is our primary use case?
We use the solution for packet capture sampling. We offer it as part of our managed service. It's so we can identify east-west traffic on a customer's network.
What is most valuable?
Corelight is low-cost and made on open-source, and the code is Zeek. It's an easy way for us to get visibility in a client's environment.
What needs improvement?
Corelight hasn’t added features in a long time.
For how long have I used the solution?
I have five years of experience with the solution.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
The solution is very scalable.
How was the initial setup?
The initial setup was straightforward. When deploying Corelight, the customer just needs to put the solution on a VM. The only maintenance required is the maintenance of the license.
What was our ROI?
We immediately realized the solution’s ROI. Its visibility into east-west traffic, being able to sample capture, gives a sense of traffic flow. Moreover, it's inexpensive.
What's my experience with pricing, setup cost, and licensing?
The product is open-source.
What other advice do I have?
I rate the solution an eight out of ten.
security engineer
What do you like best about the product?
I like how it simplifies the management and setup of a highly advanced NIDS.
What do you dislike about the product?
I dislike the lack of visibility in tuning/modifying the detection signatures
What problems is the product solving and how is that benefiting you?
It provides the critical visibility and data needed for investigations and incident response.
It has an easy to use interface
What do you like best about the product?
It has helped me to have a broader visibility of the devices that connect to the network and process the traffic of our network with the sensors that also help to detect possible vulnerabilities
Based on my experience, I can confirm that the help service is quite useful and efficient in solving everything correctly and quickly.
What do you dislike about the product?
So far I haven't found anything I don't like about Corelight
What problems is the product solving and how is that benefiting you?
Improved network visibility with extreme coverage, reporting dangerous threats that would cause serious incidents.
Great tool for Analyzing and Monitoring Traffic
What do you like best about the product?
Corelight is a Centralized Administration tool. Its interface is user friendly.
What do you dislike about the product?
Nothing found so far that I dislike about Corelight.
What problems is the product solving and how is that benefiting you?
Provides network visibility and plays a significant role.
A premier tool for advanced SOCs
What do you like best about the product?
If your SOC needs better visibility, in particular in a way that will integrate with any of the other tools in your security stack, Corelight is the way to do it. In 15 minutes you can turn a network tap into rich metadata about every packet that's crossed that wire, in an open source format that works with any SIEM, schema, or other setup that might be valuable to you. Their Suricata integration is also the best IDS setup on the modern market, and their customer support is second to none. You'll be glad to work with Corelight, both the tech and the people!
What do you dislike about the product?
Corelight is best suited for larger organizations. The cost to ingest data into SIEMs whose pricing model runs on ingest can be high, and less advanced SOCs will have a learning curve using the tool.
What problems is the product solving and how is that benefiting you?
I can triage alerts much more rapidly, and I have a better asset inventory than ever before. It's a source of truth that has a lot of applications - there are plenty more than I'm using it for, for sure!
Right Tool, Great Support
What do you like best about the product?
Corelight appliances do one thing and do it well: process your network traffic through analysis engines. Corelight support staff know what they're doing, reply promptly, and resolve most issues within two emails.
What do you dislike about the product?
We've seen Corelight grow quite a bit since we first became a customer. I worry they might one day adopt Cisco's strategy of adding unnecessary features in the pursuit of achieving vendor lock-in. Doing so would degrade the user experience and price out customers who can't afford a one-stop-shop security solution.
What problems is the product solving and how is that benefiting you?
Corelight solves the problem of having to maintain the physical and application layers of a network traffic analysis tool. This frees up our engineers to concentrate on configuring Zeek and Suricata, in turn improving the quality of the data used by our SOC.
Implementing Corelight monitoring as an MSSP for various customers
What do you like best about the product?
Very easy to deploy. The hardware sensors and pre-made VM images make deployment as an MSSP very easy as we can just hand this stuff to the customer and give them the key to our Fleet Manager and manage the rest on our side.
Fleet Manager in particular is really good for managing disparate configurations and one-offs across multiple customers.
What do you dislike about the product?
I'd say Fleet Manager not having the ability to facilitate the particular MSSP scenario where the MSSP owns Fleet Manager and has a variety of customers in one instance, but the customer wants access to Fleet Manager for reporting or perhaps editing configurations. Because we can't silo customers in like a "site" fashion to prevent them from seeing other customers' data, it's a scenario we can't do right now.
What problems is the product solving and how is that benefiting you?
I'd say most customers have an idea of how much traffic they've got, but not the composition of it. That rich NTA data central to Corelight is the main value I've seen for the customer's side.
Great Company to Partner With
What do you like best about the product?
Their TAM team is very helpful when setting up the sensors. So far, the sensors are very easy to use. I like the fleet manager to manage all the sensors from one location.
What do you dislike about the product?
So far I have not found anything that I dislike.
What problems is the product solving and how is that benefiting you?
It is giving our SOC visibility into the third leg of the SOC visibility triad - network monitoring.
Corelight at Mississippi State/HPC2
What do you like best about the product?
The support from the Corelight guys is amazing. They provide one-on-one support. They put out updates and features as necessary. Great product integration
What do you dislike about the product?
Increasing throughput or full packet capture would be significant investments.
What problems is the product solving and how is that benefiting you?
Corelight is our source of network visibility. It plays a significant role in our compliance posture.
Corelight - A great competitor in NDR space!
What do you like best about the product?
- Centralized administration
- Great customer service
- Administrator friendly user interfaces
What do you dislike about the product?
- Can improve on the documentation/knowledge articles
- Needs only the involvement of Corelight Technical assistance team to carry out certain commands/options
What problems is the product solving and how is that benefiting you?
Help protect critical assets by continuous threat monitoring and reporting