Corelight Sensors with Full Packet Capture

Integrate EndaceProbe always-on packet capture with Corelight Sensors for fast and accurate investigations.

Corelight Sensors are built on Zeek (formerly known as Bro), the powerful and widely-used open source network analysis tool.

Corelight's structured logs use the EndaceProbe's Pivot-to-Vision integration to deliver deep contextual insight for rapid investigation and response. From alerts in Corelight log files, analysts can pivot directly to the packets and respond to security threats with much greater speed and accuracy.

Corelight virtual Sensors can be hosted on the EndaceProbe in Application Dock. Every packet captured and recorded by the EndaceProbe can also be streamed to Corelight Sensors in real time.

See it in Action

Watch this short (05:00) demo video to see how enriched metadata from Corelight Sensors can be combined with Endace Network History to give analysts the complete visibility into network activity they need to investigate and respond quickly to cyberthreats and network performance issues.

Capture every threat, breach and outage

Recall every network activity with perfect clarity. Always-on packet capture means you always have the data you need.

Visibility across your entire hybrid network

Record weeks to months of traffic from across your distributed, on-premises, public and private cloud network.

Faster investigation and response

Rapid, centralized search and data-mining put conclusive forensic evidence at your fingertips in seconds, not hours.

Powerful forensics

Quickly and accurately reconstruct events, analyze pcap data and reassemble files with InvestigationManager.

Enterprise-class scalability

Your entire estate of EndaceProbes, physical and cloud, managed centrally, with network-wide investigations from a single pane of glass.

Fits the way you work

Endace’s prebuilt integrations with Corelight Sensors and other tools in your environment provide one-click access to full packet data for streamlined workflows.