Corelight’s cover photo
Corelight

Corelight

Computer and Network Security

San Francisco, CA 22,134 followers

Transforming network data into evidence, powering AI-driven detection and workflows, and enabling the AI SOC ecosystems.

About us

Corelight transforms network data into definitive evidence, powering AI-driven detection and expert-authored workflows, and enabling the AI SOC ecosystem. Delivered by our open NDR platform, Corelight’s comprehensive, correlated evidence gives you unparalleled visibility into your network. This evidence allows you to unlock new analytics, investigate faster, hunt like an expert, and even disrupt future attacks. Our on-prem and cloud sensors go anywhere to capture structured, industry-standard telemetry and insights that work with the tools and processes you already use. Corelight’s global customers include Fortune 500 companies, major government agencies, and research universities. Get started >> https://www.corelight.com/contact

Website
https://www.corelight.com
Industry
Computer and Network Security
Company size
201-500 employees
Headquarters
San Francisco, CA
Type
Privately Held
Founded
2016
Specialties
Bro, Intrusion Detection, Cybersecurity, Zeek, Network Security Monitoring, NSM, Network Traffic Analysis, NTA, NDR, network detection and response, and Threat Detection

Employees at Corelight

View 472 employees at Corelight

or

By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.

See all employees

Locations

Updates

  • The issue had been sitting on the network for years — undetected by the company's legacy NDR provider. Corelight identified it within the first 30 minutes of testing. Jay Miller walks through how a global cruise line evaluated visibility across its maritime and resort environments, including the challenge of inconsistent detections, overwhelming alarms, and limited context during investigations. The result was faster identification of network activity, more efficient investigations, and reduced SIEM storage pressure for the SOC team. 🎥 Listen in to the full story below! #NetworkSecurity #NDR #Cybersecurity

  • The first challenge in an AI-assisted SOC isn't the model. It's getting from a security question to the right evidence fast enough. In his latest blog, James Pope shares lessons from building and operating MCP-powered investigation workflows in the Black Hat NOC, including what worked, what didn't, and why context, retrieval, and workflow design often matter more than the protocol itself. The conclusion is simple: the evidence sets the ceiling. 📖 Read Chapter 1: https://lnkd.in/gURhseZP #BlackHat #AI #SOC #NetworkSecurity

    • No alternative text description for this image
  • View organization page for Corelight

    22,134 followers

    Threat intelligence doesn't create value sitting in a feed. Its value comes from helping defenders understand what's happening on the network and prioritize what deserves attention. In his latest blog, Allen Marin explores why modern detection depends on combining high-quality threat intelligence with forensic-grade network evidence, enabling analysts to investigate activity with greater context and confidence. Read the blog: https://lnkd.in/g46sCu3Z #ThreatIntelligence #Cybersecurity #NetworkSecurity #ThreatDetection

    • No alternative text description for this image
  • Corelight reposted this

    A 20x faster alert response time is a step-change in how security teams operate. Corelight delivers high-quality data, detections, and agentic capabilities to security teams working to move much faster. Corelight Security Engineer Jordan Hair built a custom harness, now powered by TAC GPT-5.5 to minimize the time to respond to alerts, perform threat hunts, and develop detections with some fantastic results. The impact: ☑️ 20x improvement in time to resolve alerts ☑️ 4x improvement in velocity for threat hunting and detection development ☑️ Noticeably higher quality and more detailed outputs Corelight’s work shows what happens when expert teams use Codex Security as a force multiplier inside the workflows where time, precision, and judgment matter most. Explore Codex Security: https://lnkd.in/gqaWjuR3

  • A network anomaly. A failed login. An unusual DNS request. Individually, these signals may not warrant investigation. Together, they can tell a very different story. In this article on The Hacker News, Corelight examines how agentic AI can correlate activity across large volumes of network data, helping analysts surface meaningful detections while spending less time on manual triage. 📖 Read more: https://lnkd.in/gTFhiDcz #Cybersecurity #SOC #NetworkSecurity #ThreatDetection

    • No alternative text description for this image
  • One sensor. One source of truth. Last week, Corelight released Sensor v29.1, extending the value of network evidence beyond security operations with new native network performance monitoring and passive asset classification capabilities. The result is a more complete view of what's happening across the environment, helping security and network teams work from the same evidence and context. Learn more: https://lnkd.in/gCY24KXG #Cybersecurity #NetworkSecurity #NDR

  • Critical infrastructure doesn't operate in isolation. Recently, United Airlines CISO Deneen DeFiore joined Brian Dye to discuss how defenders are approaching security across increasingly interconnected ecosystems of suppliers, partners, airports, and service providers. A consistent theme throughout the conversation was that effective defense depends on more than information sharing. Trusted relationships, operational visibility, and a collective approach to responding when something goes wrong all play a role. #RSAC2026 #CriticalInfrastructure #Cybersecurity #NetworkSecurity

  • The Corelight Open NDR platform has achieved FedRAMP In Process for Class C (Moderate) Certification status on the FedRAMP Marketplace 🎉 This milestone marks an important step toward bringing cloud-based network detection and response to U.S. federal agencies operating some of the world’s most complex and mission-critical environments. As agencies modernize infrastructure and move more workloads to the cloud, network-level evidence becomes essential for detecting sophisticated threats, accelerating investigations, and supporting defensible security outcomes. Learn more: https://lnkd.in/gaY8er8R #FedRAMP #Cybersecurity #NDR #NetworkSecurity #PublicSector

  • You can't write meaningful detections without meaningful data. A research university wanted to build custom monitoring and detection scripts, but existing NetFlow, server, and firewall logs weren't providing enough detail to support that effort. By enriching network activity with protocol-level data, analysts gained the context they needed to investigate behavior, search more effectively, and create detections around what was actually happening on the network. Scroll ⏩️ to see how the university approached network visibility and custom detection development. #Cybersecurity #ThreatDetection #NetworkSecurity

Similar pages

Browse jobs

Funding

Corelight 6 total rounds

Last Round

Series E

US$ 150.0M

See more info on crunchbase