# Corelight Reviews
**Vendor:** Corelight  
**Category:** [Network Detection and Response (NDR) Software](https://www.g2.com/categories/network-detection-and-response-ndr)  
**Average Rating:** 4.6/5.0  
**Total Reviews:** 20
## About Corelight
Corelight's Open Network Detection and Response (NDR) Platform improves network detection coverage, accelerates incident response, and reduces operational costs by consolidating NDR, intrusion detection (IDS), and PCAP functionality in a single solution and by providing security analysts with machine learning-assisted investigations and one-click-pivots from prioritized alerts to the evidence needed to investigate and remediate them. Network Detection and Response platforms monitor and analyze network traffic, delivering telemetry into existing SIEM, XDR, or SaaS-based solutions. Corelight’s platform is unique because our detections and visibility engineering are community driven—with continuous content creation from Zeek®, Suricata IDS, and other Intel communities. And our integration with CrowdStrike XDR enables cross platform (EDR+NDR) analytics. This provides you with the most complete network visibility, powerful analytics, and threat hunting capabilities, and accelerates investigation across your entire kill chain. Corelight also delivers a comprehensive suite of network security analytics that help organizations identify more than 75 adversarial TTPs across the MITRE ATT&CK® spectrum including Exfiltration, Command and Control (C2), and Lateral Movement. These detections reveal known and unknown threats via hundreds of unique insights and alerts across machine learning, behavioral analysis, and signature-based approaches.

CORELIGHT PRODUCTS + SERVICES: Open NDR Platform Appliance, Cloud, Software, Virtual and SaaS Sensors IDS Fleet Manager Investigator Threat Hunting Platform Smart PCAP Corelight Training

CERTIFICATIONS: FIPS 140-2



## Corelight Pros & Cons
**What users like:**

- Users value the **comprehensive security** offered by Corelight, effectively detecting threats and ensuring smooth network operations. (2 reviews)
- Users value the **great network telemetry** of Corelight, facilitating easy detection of threats and enhancing security management. (2 reviews)
- Users value the **great network telemetry** of Corelight, simplifying security event analysis and enhancing threat detection. (2 reviews)
- Users praise Corelight for its **effective network security presentation**, enabling easy detection of threats like viruses and hackers. (2 reviews)
- Users value the **robust security features** of Corelight, effectively identifying and presenting critical network threats. (2 reviews)
- Users value the **excellent threat detection** of Corelight, making network security insights easily accessible and actionable. (2 reviews)
- API Integration (1 review)
- Users value the **effective threat detection** of Corelight, finding it crucial for network safety and analysis. (1 review)
- Users value the **superior detection efficiency** of Corelight, providing insightful analysis for enhanced network security. (1 review)
- Easy Integrations (1 review)

**What users dislike:**

- Users find Corelight's **complex coding** challenging, requiring specialized knowledge and potentially costly training for effective use. (2 reviews)
- Users find the **complex configuration** of Corelight challenging, making it unsuitable for novice security analysts. (2 reviews)
- Users find the **complexity** of Corelight challenging, especially for novice security analysts and effective management. (2 reviews)
- Users find the **complex setup** of Corelight challenging, often requiring specialized knowledge and costly personalized training. (2 reviews)
- Users find Corelight's setup requires a steep **learning curve**, making it challenging for novice security analysts. (2 reviews)
- Training Required (2 reviews)
- Complex Management (1 review)
- Cost Management (1 review)
- Difficult Learning (1 review)
- Difficult Management (1 review)

## Corelight Reviews
  ### 1. Corelight the Threat Hunters

**Rating:** 4.5/5.0 stars

**Reviewed by:** Andy V. | Cybersecurity Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 22, 2025

**What do you like best about Corelight?**

Great network telemetry. Corelight does a great job with presenting security network events in a digestible manner. The integration with CrowdStrike provides excellent correlating network events, and the built-in parsers help make the network events easy to read.

**What do you dislike about Corelight?**

It's a bit complex so really not suitable for a novice security analyst. Plus some of the online training is really high level, so you need to schedule personalized training which can be costly.

**What problems is Corelight solving and how is that benefiting you?**

Corelight is providing network security insights.

  ### 2. Best NDR solution Guardians of Network

**Rating:** 5.0/5.0 stars

**Reviewed by:** Aman P. | Cloud Security (Threat and Observability), Enterprise (> 1000 emp.)

**Reviewed Date:** October 03, 2023

**What do you like best about Corelight?**

The interface and ease of accessibility and customer support for technical troubleshooting are awesome.

**What do you dislike about Corelight?**

Nothing to dislike as of now, since I am still using and getting used to the new feature.

**What problems is Corelight solving and how is that benefiting you?**

We are getting the evidence for the network-related threat.

  ### 3. We use Corelight sensors in our environment to monitor and alert based off of traffic.

**Rating:** 4.5/5.0 stars

**Reviewed by:** William J. | Security Analyst, Enterprise (> 1000 emp.)

**Reviewed Date:** July 26, 2024

**What do you like best about Corelight?**

Being able to enrich data daily as it is ingested and feed that into a log aggregator has been extremely useful. Deployments in our environment have also gone smoothly and the price has been fair.

**What do you dislike about Corelight?**

One of the few downsides I have noticed is that we have had to write some Corelight modules ourselves to properly sort and ingest data.

**What problems is Corelight solving and how is that benefiting you?**

Corelight allows us to monitor our internal traffic and alert off of suspicious traffic. Without this we would be largely blind in our internal environment to what traffic is going where in any kind of meaningful way.

  ### 4. I loved it

**Rating:** 4.0/5.0 stars

**Reviewed by:** Lalith S. | Sr. Devops Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 25, 2024

**What do you like best about Corelight?**

What I find most helpful about Corelight is network detection and analysis.

**What do you dislike about Corelight?**

I would like more UI experience, and I would say improve it.

**What problems is Corelight solving and how is that benefiting you?**

Business problems Corelight is solving, and that's directly benefiting the company on major finance and in AWS Marketplace, incident response.

  ### 5. Great Threat hunting choice

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Market Research | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 26, 2024

**What do you like best about Corelight?**

Really good detection of threats and detailed informs; as a simple user this is super insightful.

**What do you dislike about Corelight?**

I would like the detection of threats to be faster, but I know there are some processes to accomplish before I could receive the results.

**What problems is Corelight solving and how is that benefiting you?**

Gives me an interface with almost everything that I need to make it much easier to detect anomalies.

  ### 6. Corelight and the benefits to your organization

**Rating:** 5.0/5.0 stars

**Reviewed by:** Richard D. | Enterprise (> 1000 emp.)

**Reviewed Date:** June 29, 2023

**What do you like best about Corelight?**

The support and periodic review with the team assigned to you are excellent. The product (sensor AP) along with add-ons such as Suricata and machine-based learning that provide insights within the CrowdStrike (Humio) platform are excellent. The base platform is like Zeek on steroids. If needed, pro-active support even lets you know the hardware may be failing and RMAs you an identical substitute. The device logs to Humio, syslog, etc. simultaneously.
The command line control of the device is excellent, and so is fleet management for a series of APs. There is also an annual Zeek conference in which new insights and roadmaps are presented by Corelight.

**What do you dislike about Corelight?**

Nothing - the sensors work perfectly and dashboard summaries are very good. If one wants, one can always simply query the data manually. There is constant improvement with the release of updates and integrations with other vendor products. Corelight support is always helpful no matter what I throw at them - ranging from technical questions down to annual quotes to renew licenses. I simply cannot find anything to dislike.

**What problems is Corelight solving and how is that benefiting you?**

Pro-active security monitoring and if there is penetration, one can look back to trace the origins. I am far more productive than I was without using Corelight.

  ### 7. Pretty straight forward

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Consulting | Enterprise (> 1000 emp.)

**Reviewed Date:** July 25, 2024

**What do you like best about Corelight?**

Great place for your cybersecurity needs!

**What do you dislike about Corelight?**

Partnered with CrowdStrike and the uncertainty with those two combined.

**What problems is Corelight solving and how is that benefiting you?**

Their system is a very great detection system.

  ### 8. Implementing Corelight monitoring as an MSSP for various customers

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 12, 2023

**What do you like best about Corelight?**

Very easy to deploy. The hardware sensors and pre-made VM images make deployment as an MSSP very easy as we can just hand this stuff to the customer and give them the key to our Fleet Manager and manage the rest on our side.

Fleet Manager in particular is really good for managing disparate configurations and one-offs across multiple customers.

**What do you dislike about Corelight?**

I'd say Fleet Manager not having the ability to facilitate the particular MSSP scenario where the MSSP owns Fleet Manager and has a variety of customers in one instance, but the customer wants access to Fleet Manager for reporting or perhaps editing configurations. Because we can't silo customers in like a "site" fashion to prevent them from seeing other customers' data, it's a scenario we can't do right now.

**What problems is Corelight solving and how is that benefiting you?**

I'd say most customers have an idea of how much traffic they've got, but not the composition of it. That rich NTA data central to Corelight is the main value I've seen for the customer's side.

  ### 9. Right Tool, Great Support

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Higher Education | Enterprise (> 1000 emp.)

**Reviewed Date:** July 12, 2023

**What do you like best about Corelight?**

Corelight appliances do one thing and do it well: process your network traffic through analysis engines. Corelight support staff know what they're doing, reply promptly, and resolve most issues within two emails.

**What do you dislike about Corelight?**

We've seen Corelight grow quite a bit since we first became a customer. I worry they might one day adopt Cisco's strategy of adding unnecessary features in the pursuit of achieving vendor lock-in. Doing so would degrade the user experience and price out customers who can't afford a one-stop-shop security solution.

**What problems is Corelight solving and how is that benefiting you?**

Corelight solves the problem of having to maintain the physical and application layers of a network traffic analysis tool. This frees up our engineers to concentrate on configuring Zeek and Suricata, in turn improving the quality of the data used by our SOC.

  ### 10. A premier tool for advanced SOCs

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Enterprise (> 1000 emp.)

**Reviewed Date:** July 28, 2023

**What do you like best about Corelight?**

If your SOC needs better visibility, in particular in a way that will integrate with any of the other tools in your security stack, Corelight is the way to do it. In 15 minutes you can turn a network tap into rich metadata about every packet that's crossed that wire, in an open source format that works with any SIEM, schema, or other setup that might be valuable to you. Their Suricata integration is also the best IDS setup on the modern market, and their customer support is second to none. You'll be glad to work with Corelight, both the tech and the people!

**What do you dislike about Corelight?**

Corelight is best suited for larger organizations. The cost to ingest data into SIEMs whose pricing model runs on ingest can be high, and less advanced SOCs will have a learning curve using the tool.

**What problems is Corelight solving and how is that benefiting you?**

I can triage alerts much more rapidly, and I have a better asset inventory than ever before. It's a source of truth that has a lot of applications - there are plenty more than I'm using it for, for sure!

  ### 11. "Unveiling Network Threats"core

**Rating:** 4.5/5.0 stars

**Reviewed by:** Swetha Y. | Senior Data Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** August 31, 2023

**What do you like best about Corelight?**

Corelight helps you to find any bad things happening, like sneaky viruses or hackers trying to get in, and having a detective tool for our network, so that we can process everything safely and run smoothly.

**What do you dislike about Corelight?**

The potential downside of Corelight is that it can be complex to set up and manage, and it might require specialized knowledge to use effectively, and it needs to be improved for better usage.

**What problems is Corelight solving and how is that benefiting you?**

Corelight helps find bad things happening on computer networks. It watches the network traffic and tells us if there are any suspicious activities. With this we can keep the systems safe and secure.

  ### 12. It has an easy to use interface

**Rating:** 4.5/5.0 stars

**Reviewed by:** Adrian B. | Analyst, Enterprise (> 1000 emp.)

**Reviewed Date:** August 02, 2023

**What do you like best about Corelight?**

It has helped me to have a broader visibility of the devices that connect to the network and process the traffic of our network with the sensors that also help to detect possible vulnerabilities.

Based on my experience, I can confirm that the help service is quite useful and efficient in solving everything correctly and quickly.

**What do you dislike about Corelight?**

So far I haven't found anything I don't like about Corelight.

**What problems is Corelight solving and how is that benefiting you?**

Improved network visibility with extreme coverage, reporting dangerous threats that would cause serious incidents.

  ### 13. Works great!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Tim V. | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 26, 2023

**What do you like best about Corelight?**

Simple deployment and great partnership with the account team. Very much appreciate the simplicity of managing a single device or multiple through fleet management tools.

**What do you dislike about Corelight?**

Only enable what you need... the volume of events can be substantial.

**What problems is Corelight solving and how is that benefiting you?**

Providing a top-notch NDR solution that can handle up to 10gbps of data.

  ### 14. Corelight - A great competitor in NDR space!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sathish V. | Enterprise (> 1000 emp.)

**Reviewed Date:** July 05, 2023

**What do you like best about Corelight?**

- Centralized administration
- Great customer service
- Administrator friendly user interfaces

**What do you dislike about Corelight?**

- Can improve on the documentation/knowledge articles
- Needs only the involvement of Corelight Technical assistance team to carry out certain commands/options

**What problems is Corelight solving and how is that benefiting you?**

Help protect critical assets by continuous threat monitoring and reporting

  ### 15. Great Company to Partner With

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 11, 2023

**What do you like best about Corelight?**

Their TAM team is very helpful when setting up the sensors.  So far, the sensors are very easy to use. I like the fleet manager to manage all the sensors from one location.

**What do you dislike about Corelight?**

So far have not found anything that I dislike.

**What problems is Corelight solving and how is that benefiting you?**

It is giving our SOC visibility into the third leg of the SOC visibility triad - network monitoring.

  ### 16. Corelight

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** September 07, 2023

**What do you like best about Corelight?**

It gives many advances to the SOC, like visibility of devices, check each packet of network with every detail. Works as an open source with SIEM. Has great features as an IDS. Friendly UI.

**What do you dislike about Corelight?**

Many features could be added; other than that, nothing else.

**What problems is Corelight solving and how is that benefiting you?**

Helping the organisation with a lot of security features to protect devices and monitor threats.

  ### 17. Corelight is easy to use and open source

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 05, 2023

**What do you like best about Corelight?**

Corelight is pretty straightforward and easy to use. I do enjoy the open sourced aspect of it, giving customers the ability to create their own Zeek packages for very specific use cases.

**What do you dislike about Corelight?**

I wish Fleet Manager had more capabilities.  Things such as multi-tenant, exportable reporting, and alerting capabilities when it comes to a sensor(s) specific health.

**What problems is Corelight solving and how is that benefiting you?**

Being that I am part of an MSSP, we use Corelight to assist our different customers to improve their security posture.  It has helped bridge the gap on what an EDR tool cannot see.

  ### 18. Great tool for Analyze and Monitor Traffic

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ashwini K. | Network Administrator, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 31, 2023

**What do you like best about Corelight?**

Corelight is a Centralized Administration tool. Its interface is user friendly.

**What do you dislike about Corelight?**

Nothing found so far that I dislike about Corelight.

**What problems is Corelight solving and how is that benefiting you?**

Provides network visibility and plays a significant role.

  ### 19. security engineer

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 02, 2023

**What do you like best about Corelight?**

I like how it simplifies the management and setup of a highly advanced NIDS.

**What do you dislike about Corelight?**

I dislike the lack of visibility in tuning/modifying the detection signatures

**What problems is Corelight solving and how is that benefiting you?**

It provides the critical visibility and data needed for investigations and incident response.

  ### 20. Corelight at Mississippi State/HPC2

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Research | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 07, 2023

**What do you like best about Corelight?**

The support from the Corelight guys is amazing.  They provide one-on-one support.  They put out updates and features as necessary.  Great product integration

**What do you dislike about Corelight?**

Increasing throughput or full packet capture would be significant investments.

**What problems is Corelight solving and how is that benefiting you?**

Corelight is our source of network visibility.  It plays a significant role in our compliance posture.



## Corelight Integrations
  - [Falcon Next-Gen SIEM](https://www.g2.com/products/falcon-next-gen-siem/reviews)

## Corelight Features
**Administration**
- Risk Scoring
- Secrets Management
- Security Auditing
- Configuration Management

**Functionality**
- Performance Monitoring
- Alerting
- Improvement Suggestions
- Multi-Network Capability

**Automation**
- Metadata Management
- Artificial Intelligence & Machine Learning
- Response Automation
- Continuous Analysis

**Analysis**
- File Analysis
- Memory Analysis
- Registry Analysis
- Email Analysis
- Linux Analysis

**Activity Monitoring**
- Usage Monitoring
- Database Monitoring
- API Monitoring
- Activity Monitoring

**Connected Device Security**
- Vulnerability Assessment
- Identity Lifecycle
- Threat Protection
- Behavior Analysis
- Incident Response
- IoT Network Security
- OTA Updates
- Alerts & Notifications

**Analysis**
- Incident Reporting
- Network Visibility
- Metadata Enrichment
- Metadata Management

**Monitoring - Network Monitoring**
- 360-Degree Network Visibility
- Automated Network Discovery
- Real-Time Monitoring

**Agentic AI - AWS Marketplace**
- Autonomous Task Execution
- Multi-step Planning
- Cross-system Integration

**Response**
- Resolution Automation
- Resolution Guidance
- System Isolation
- Threat Intelligence
- Incident Investigation

**Cloud Visibility**
- Data Discovery
- Cloud Registry
- Cloud Gap Analytics

**Network Management**
- Activity Monitoring
- Asset Management
- Log Management

**Monitoring**
- Continuous Image Assurance
- Behavior Monitoring
- Observability

**Detection**
- Intrusion Detection
- Security Monitoring
- Anti-Malware / Malware Detection

**Management**
- Performance Baseline
- Data Visualization
- Path Analysis

**Functionality**
- Multi-Network Capability
- Anomaly Detection
- Network Visibility
- Scalability

**Functionality**
- Incident Alerts
- Anomaly Detection
- Continuous Analysis
- Decryption

**Security**
- Compliance Monitoring
- Risk Analysis
- Reporting

**Platform**
- Dashboard
- Hardware
- Performance
- Reporting

**Response**
- Incident Alerts
- Response Orchestration
- Response Automation

**Analytics - Network Monitoring**
- Predictive Performance Analytics
- Packet & Flow Analysis

**Records**
- Incident Logs
- Incident Reports

**Security**
- Data Security
- Data Loss Prevention
- Security Auditing

**Incident Management**
- Event Management
- Automated Response
- Incident Reporting

**Protection**
- Dynamic Image Scanning
- Runtime Protection
- Workload Protection
- Network Segmentation

**Administration**
- Compliance
- Administration Console
- API / integrations

**Incident Management**
- Incident Logs
- Incident Alerts
- Incident Reporting

**Remediation**
- Incident Reports
- Remediation Suggestions
- Response Automation

**Administration**
- Security Automation
- Security Integration
- Multicloud Visibility

**Detection**
- Multi-Network Monitoring
- Asset Discovery
- Anomaly Detection

**Security - Network Monitoring**
- Encrypted Data Transmission
- Zero Trust and Identity Management
- Integrated Network Security

**Management**
- Incident Alerts
- Incident Case Management
- Workflow Management

**Identity**
- SSO
- Governance
- User Analytics

**Security Intelligence**
- Threat Intelligence
- Vulnerability Assessment
- Advanced Analytics
- Data Examination

**Generative AI**
- AI Text Summarization

**Generative AI**
- AI Text Generation
- AI Text Summarization

**Network Performance - Network Monitoring**
- Dynamic Network Optimization
- Automated Tasks Routing

**Agentic AI - Security Information and Event Management (SIEM)**
- Autonomous Task Execution
- Multi-step Planning
- Proactive Assistance
- Decision Making

**Agentic AI - Cloud Security Monitoring and Analytics**
- Autonomous Task Execution
- Proactive Assistance
- Decision Making

**Agentic AI - Cloud Detection and Response (CDR)**
- Autonomous Task Execution
- Proactive Assistance
- Decision Making

**Services - Network Detection and Response (NDR)**
- Managed Services

**AI Automation - Network Monitoring**
- Machine Learning-Based Anomaly Detection
- Self-Healing Networks
- Predictive Network Maintenance

**Agentic AI - Intrusion Detection and Prevention Systems (IDPS)**
- Autonomous Task Execution
- Proactive Assistance

**Services - Cloud Detection and Response (CDR)**
- Managed Services

**Agentic AI - Network Monitoring**
- Autonomous Task Execution
- Multi-step Planning
- Cross-system Integration
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance
- Decision Making

## Top Corelight Alternatives
  - [ExtraHop](https://www.g2.com/products/extrahop/reviews) - 4.6/5.0 (68 reviews)
  - [Datadog](https://www.g2.com/products/datadog/reviews) - 4.4/5.0 (690 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (778 reviews)

