No more typing reviews! Try our Samantha, our new voice AI agent.
Corelight Open NDR Logo

Corelight Open NDR Reviews

Vendor: Corelight
4.5 out of 5
Leave a review

What is Corelight Open NDR?

Corelight Open NDR delivers rapid deployment, essential insight, and data for cybersecurity. Known for ease of use, cost-effectiveness, and open-source Zeek code, it enhances security by streamlining traffic monitoring and integrating with threat feeds.

Get the Network Detection and Response (NDR) Buyer's Guide and find out what your peers are saying about Corelight Open NDR, Darktrace, TrendAI Vision One and more!
Corelight Open NDR is the #7 ranked solution in Network Traffic Analysis tools and #11 ranked solution in top Network Detection and Response (NDR) solutions. PeerSpot users give Corelight Open NDR an average rating of 9.0 out of 10. Corelight Open NDR is most commonly compared to Darktrace: Corelight Open NDR vs Darktrace. Corelight Open NDR is popular among the large enterprise segment, accounting for 53% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a government, accounting for 12% of all views.
Buyer's Guide
Network Detection and Response (NDR)
April 2026
Get the category report
Helped 889,955 peers since 2012

Featured Corelight Open NDR reviews

Read more reviews

Corelight Open NDR mindshare

Product category:
Network Detection and Response (NDR)
As of April 2026, the mindshare of Corelight Open NDR in the Network Detection and Response (NDR) category stands at 5.0%, down from 5.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Network Detection and Response (NDR) Mindshare Distribution
ProductMindshare (%)
Corelight5.0%
Darktrace15.5%
Vectra AI12.0%
Other67.5%
Network Detection and Response (NDR)
 
 
Key learnings from peers
Last updated Apr 22, 2026

Valuable Features

Corelight Open NDR offers insight, visibility, and comprehensive data. Deployment is quick. Users appreciate its ease of use, low cost, and open-source foundation with Zeek code. It's effective at tracking traffic and integrates with multiple threat feeds. Creating dashboards for specific tasks is straightforward. The simplicity of its engine makes analysis learning easy. Corelight's embedded IDS from Suricata is especially valued.
  • "Corelight makes much easier the remediation of cyber attacks; instead of facing a chaotic amount of logs, Corelight provides correlated metrics that allow pivoting to find, in seconds, all the data related to an alert, detection, or asset."
  • "It is easy to deploy and easy to handle."
  • "Technical support seems to be good."

Room for Improvement

Corelight Open NDR requires interface improvement, making it more interactive and user-friendly for accessing features. Users note the system's complex architecture involving multiple machines and VMs, which increases cost. A single-platform approach consolidating features and incorporating a graphical user interface is suggested. While lacking recent feature additions, Corelight Open NDR released Smart PCAP, easing cost-effective PCAP storage. Users also mention the solution's high price, suggesting a need for reduction.
  • "Machine learning could be a good improvement, but it's very costly."
  • "They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
  • "It's an expensive solution and the price could be reduced."

ROI

Users reported significantly positive ROI from Corelight due to enhanced visibility into network traffic and efficient threat detection. Teams have reduced incident response times and operational costs. Financial investments in Corelight were justified by improved network security and lower manual intervention.

Pricing

Corelight Open NDR offers a license-based pricing model with a yearly fee, varying based on the organization's needs. While some find it surprisingly affordable, others note its relatively high cost compared to alternatives. Organizations with technical expertise benefit the most, as there can be a steep learning curve for newcomers. Corelight's open-source nature adds potential value, but cost considerations remain significant for evaluators.
  • "It's a yearly fee and depends on what you are looking for."

Popular Use Cases

Corelight Open NDR is primarily used for network traffic analysis, including packet capture sampling and monitoring Internet, data center, and LAN traffic. Organizations deploy it with physical, cloud, virtual, and software sensors. It aids in identifying east-west traffic, increasing cyber visibility, and supporting security and incident response efforts. Managed service providers utilize it for customer services rather than internal operations.

Service and Support

Corelight Open NDR's customer service and support are commendable. They receive praise for being dedicated from the first interaction. Issues have been resolved effectively, with their team rated four out of five by some. A robust community supports users, although stability might require occasional team assistance. The technical support is noted for being responsive, with good timing and quality in responses.

Deployment

Corelight Open NDR's initial setup is generally straightforward, especially for smaller networks. Users find it straightforward due to its pre-installed configurations and ease of deployment, often rating it highly for its simplicity in installing on VMs. However, for larger networks, complexities arise with integration, requiring expertise and longer deployment times. Documentation is rated moderately, with installation taking two weeks to three months for larger environments. Maintenance primarily involves managing licenses.

Scalability

Corelight Open NDR is regarded as highly scalable. Users in regions like the Middle East note its ease of expansion, especially in Kubernetes environments. The process to scale installations is described as straightforward, and integrating additional machines is seamless, contributing to its flexibility.

Stability

Corelight Open NDR is considered very stable by multiple entities, largely due to its foundation on the Zeek framework, which has a record of reliability spanning over two decades. Stability is consistently highlighted, with users expressing confidence in its robust performance.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Network Detection and Response (NDR) Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Government
12%
Financial Services Firm
12%
Computer Software Company
9%
Real Estate/Law Firm
9%
Manufacturing Company
7%
Healthcare Company
6%
University
5%
Media Company
4%
Educational Organization
4%
Comms Service Provider
4%
Retailer
3%
Performing Arts
3%
Pharma/Biotech Company
2%
Construction Company
2%
Non Profit
2%
Legal Firm
2%
Energy/Utilities Company
2%
Outsourcing Company
2%
Insurance Company
2%
Hospitality Company
1%
Security Firm
1%
Transportation Company
1%
Recreational Facilities/Services Company
1%
Sports Company
1%
Wholesaler/Distributor
1%

Compare Corelight Open NDR with alternative products

Go!

Learn more about Corelight Open NDR

Corelight Open NDR offers organizations enhanced network security and visibility, utilizing physical sensors in addition to cloud, virtual, and software variants. It supports incident response with packet capture sampling, monitoring internet, data center, and LAN traffic while facilitating east-west traffic identification. Despite its complexity, users suggest architectural simplifications and a graphical interface to boost usability and reduce costs. Features like Smart PCAP and service catalogs contribute positively, but an interactive interface with more seamless feature access is desired.

What Are Corelight Open NDR's Key Features?
  • Quick Deployment: Allows rapid implementation in varied environments.
  • Comprehensive Insight: Offers in-depth data and visibility for effective cybersecurity.
  • Ease of Handling: Designed for simplicity and cost-efficiency in complex networks.
  • Open-Source Zeek Code: Provides transparency and flexibility in operations.
  • Integrated Threat Feeds: Streamlines threat detection and analysis.
  • Suricata IDS: Enhances existing security frameworks effectively.
  • Custom Dashboards: Enables tailored task-specific visualizations.
What Benefits Should Users Consider?
  • Cost-Effectiveness: Delivers impressive cybersecurity capabilities at a competitive price.
  • Scalability: Offers solutions from physical to cloud-based implementations.
  • Enhanced Security: Strengthens incident response and threat detection efforts.
  • Ease of Use: Simplifies complex security processes for improved efficiency.

Primarily utilized by organizations to bolster network security, Corelight Open NDR is deployed in various sectors to increase visibility and streamline incident response. Its deployment spans physical, cloud, virtual, and software models, focusing on comprehensive packet capture sampling for effective traffic monitoring. Across industries, it serves managed services by identifying lateral network traffic, optimizing internet, data center, and LAN performance.

Corelight Open NDR was previously known as Corelight Open NDR.

Corelight Open NDR customers

Carrefour
Ednon
Grand Canyon Education
SektorCERT
Tietoevry
Volkswagen Financial Services

Related questions

  • 146
What is the biggest difference between Corelight and Vectra AI?
  • 100
How does Network Detection and Response (NDR) Differ from SIEM?
  • 88
What aspects of network security are more concerning to small and medium-sized enterprises?
  • 65
What are the best practices for Security Operations Center (SOC)?
  • 61
What is the future of the Network Operation Center (NOC)?
  • 214
Which alternative solutions (other than Darktrace) do you recommend for an SMB?
  • 129
Why is Network Detection and Response (NDR) important for companies?
  • 27
When evaluating Network Detection and Response (NDR), what aspect do you think is the most important to look for?
  • 51
GoDaddy has been hacked again. What can be done better?
  • 58
What is Data-Centric vs Application-Centric security architecture?

Product Categories

Product Categories
Network Detection and Response (NDR)
Network Traffic Analysis (NTA)

Popular Comparisons

Popular Comparisons
Darktrace vs Corelight Open NDR Logo
Darktrace vs Corelight Open NDR
TrendAI Vision One vs Corelight Open NDR Logo
TrendAI Vision One vs Corelight Open NDR
Vectra AI vs Corelight Open NDR Logo
Vectra AI vs Corelight Open NDR
VMware NSX vs Corelight Open NDR Logo
VMware NSX vs Corelight Open NDR
Cisco Secure Network Analytics vs Corelight Open NDR Logo
Cisco Secure Network Analytics vs Corelight Open NDR
Gigamon Deep Observability Pipeline vs Corelight Open NDR Logo
Gigamon Deep Observability Pipeline vs Corelight Open NDR
Stellar Cyber Open XDR vs Corelight Open NDR Logo
Stellar Cyber Open XDR vs Corelight Open NDR
NetWitness NDR vs Corelight Open NDR Logo
NetWitness NDR vs Corelight Open NDR
ExtraHop Reveal(x) vs Corelight Open NDR Logo
ExtraHop Reveal(x) vs Corelight Open NDR
Trellix Network Detection and Response vs Corelight Open NDR Logo
Trellix Network Detection and Response vs Corelight Open NDR
SolarWinds NetFlow Traffic Analyzer vs Corelight Open NDR Logo
SolarWinds NetFlow Traffic Analyzer vs Corelight Open NDR
Flowmon vs Corelight Open NDR Logo
Flowmon vs Corelight Open NDR
Lumu vs Corelight Open NDR Logo
Lumu vs Corelight Open NDR
ExtraHop Reveal(x) 360 vs Corelight Open NDR Logo
ExtraHop Reveal(x) 360 vs Corelight Open NDR
Arista NDR vs Corelight Open NDR Logo
Arista NDR vs Corelight Open NDR
See all alternatives
 
Corelight Open NDR Reviews Summary
Author infoRatingReview Summary
Account Executive at Fishtech Group4.0I use Corelight for east-west traffic visibility, finding it stable, scalable, and offering immediate ROI due to its low cost and easy setup. However, I note that new features haven't been added recently.
Technical Sales Manager at Spire Solutions3.5I rate Corelight a 7/10. It's excellent for traffic monitoring, stable, and scalable with powerful threat detection and integrations. However, I found its architecture complex, setup difficult, and pricing high.
Manage Consultant at SITE4.0I use Corelight for customer incident response. It's easy to deploy, handle, and scalable, with good support. I'd improve the interface's interactivity and feature access. Despite this, I rate it 8/10, preferring it for its rule-based approach over alternatives.
Pre Sales Technician at DotForce5.0I find Corelight an excellent, stable, and affordable solution for network traffic analysis, providing crucial data for cyber security. It integrates well and simplifies incident remediation, despite initially lacking machine learning. I highly recommend it.
Chief Executive Officer at NetMetrix4.0I use Corelight for security, valuing its embedded Suricata IDS. While stable and scalable, it is expensive and needs a GUI. Setup is easy, and support is good. I rate it 8/10.