Corelight integrates with Elasticsearch to deliver incident response and threat hunting on the Elastic Stack

Corelight, a provider of network visibility solutions for cybersecurity, announced on Wednesday a product integration with Elasticsearch, the distributed, real-time search engine. Organizations can now import Corelight network logs directly into Elasticsearch, which makes the Elastic Stack a powerful platform for incident response and threat hunting.

The integration is part of Corelight’s latest software release, version 1.13, and delivers native integration with the Elasticsearch API: a streamlined Corelight log export option that lets customers export directly to Elasticsearch or into Logstash.

Based in San Francisco, California, Corelight built its first solution on Bro, a widely used open source framework that provides wide-ranging, real-time understanding of network traffic. Its first product, the Corelight Sensor, is an appliance that delivers detailed information, organized to help users understand network traffic deeply and take action to stop and prevent cyber attacks.

Bro helps security teams understand, detect, and prevent breaches by transforming raw network traffic into actionable data for real-time analysis, intrusion detection, forensics, and other applications. In addition, many organizations use Bro to extract and re-assemble files transferred over the network.

Bro can parse dozens of network protocols and detects off-port protocol usage (for example, unauthorized web servers running on non-standard ports). The Bro platform also includes a programming language optimized for network traffic analysis, which can be used to build applications – for example, ransomware detection based on the behavior of attackers rather than the signature of a specific attack.
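The off-port detection described above rests on the fact that Bro identifies a connection's application protocol from its content and records it in the `service` field of `conn.log`, independently of the responder port. The following added example (not code from the article, Corelight, or the Bro project) shows the idea over a handful of constructed `conn.log` records in the JSON form that would be shipped to Elasticsearch. It assumes the field names of Bro's JSON writer (`id.resp_p`, `service`, and so on), and the table of expected ports is a constructed policy for the example, not anything the article or Bro defines.

```python
import json

# Constructed sample of Bro conn.log records in JSON form, as they would be
# exported to Elasticsearch. Field names follow Bro's JSON writer (assumption:
# the nested connection id is flattened into dotted keys such as "id.resp_p").
SAMPLE_CONN_LOG = """
{"ts":1520000000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","service":"http"}
{"ts":1520000001.2,"uid":"C2","id.orig_h":"10.0.0.5","id.orig_p":51001,"id.resp_h":"10.0.0.9","id.resp_p":8081,"proto":"tcp","service":"http"}
{"ts":1520000002.3,"uid":"C3","id.orig_h":"10.0.0.7","id.orig_p":51002,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssh"}
{"ts":1520000003.4,"uid":"C4","id.orig_h":"10.0.0.7","id.orig_p":51003,"id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp","service":"dns"}
{"ts":1520000004.5,"uid":"C5","id.orig_h":"10.0.0.8","id.orig_p":51004,"id.resp_h":"198.51.100.7","id.resp_p":4444,"proto":"tcp","service":"-"}
{"ts":1520000005.6,"uid":"C6","id.orig_h":"10.0.0.9","id.orig_p":51005,"id.resp_h":"203.0.113.20","id.resp_p":443,"proto":"tcp","service":"ssl,http"}
"""

# Constructed policy: the responder ports on which each content-detected
# service is expected in this environment. Anything else is "off-port".
EXPECTED_PORTS = {
    "http": {80, 8080},
    "ssh": {22},
    "dns": {53},
    "ssl": {443},
    "ftp": {21},
    "smtp": {25, 587},
}


def parse_conn_log(text):
    """Parse newline-delimited JSON conn.log records, skipping blank lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            records.append(json.loads(line))
    return records


def find_off_port_services(records, expected=EXPECTED_PORTS):
    """Return (uid, service, resp_h, resp_p) for every connection whose
    content-detected service is running on a port outside the expected set.

    Bro writes "-" when no service was identified and joins several detected
    services with commas (e.g. "ssl,http"), so both cases are handled here.
    """
    findings = []
    for r in records:
        port = r["id.resp_p"]
        for service in r.get("service", "-").split(","):
            if service == "-" or service not in expected:
                continue  # unknown service or no policy for it: nothing to flag
            if port not in expected[service]:
                findings.append((r["uid"], service, r["id.resp_h"], port))
    return findings


if __name__ == "__main__":
    for uid, svc, host, port in find_off_port_services(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"{uid}: {svc} detected on {host}:{port} (off-port)")
```

Run as a script it flags C2 (an HTTP server on 8081) and C3 (SSH answering on 443); C6 shows HTTP inside TLS on 443, where the `ssl` service matches its port and the inner `http` is reported because the constructed policy does not list 443 for it, which is the kind of tuning a real deployment would do before alerting. The same logic is what an Elasticsearch query over the exported logs would express as a filter on `service` combined with a negated terms filter on `id.resp_p`.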

The company has been supported by an SBIR grant, and the Bro project was initially funded by the National Science Foundation (NSF) at the International Computer Science Institute (ICSI).

“As a network traffic analysis solution, Corelight is focused on turning high-volume network traffic into high-fidelity data for incident response, intrusion detection, and forensics,” said Vince Stoffer, director of customer solutions at Corelight. “Making it easy for companies adopting Elasticsearch to ingest Bro logs is really important. Whether they ingest data into Elasticsearch directly, or into Logstash, the depth and granularity that Bro provides about network traffic can be a real game changer for cybersecurity forensics.”


WWPI – Covering the best in IT since 1980