Corelight Reviews

Name: Corelight
Brand: Corelight
Rating: 4.5 (5 reviews)

4.5 out of 5

5 reviews
100% willing to recommend

What is Corelight?

Corelight is the most powerful network visibility solution for information security professionals. We provide real-time data that organizations use to understand, detect, and prevent cyber attacks. Our solution is built on Zeek, the powerful and widely-used open source monitoring framework.

Get the Network Detection and Response (NDR) Buyer's Guide and find out what your peers are saying about Corelight, Darktrace, Vectra AI and more!

Corelight is the #7 ranked solution in Network Traffic Analysis tools and #14 ranked solution in top Network Detection and Response (NDR) solutions. PeerSpot users give Corelight an average rating of 9.0 out of 10. Corelight is most commonly compared to Darktrace: Corelight vs Darktrace. Corelight is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Buyer's Guide

Network Detection and Response (NDR)

January 2025

Get the category report

Helped 838,713 peers since 2012

Featured reviews

HamadaElewa

Technical Sales Manager at Spire Solutions

The huge library especially the open source link, makes it the main engine for Corelight with some enhancements in the commercial version. It has a very powerful level, such as signature-based attacks or behavioral attacks, with enhancements in the design. It is very flexible for intelligent implementations like IPs, especially between big companies and banks. Corelight is easy to understand and monitor what is going on behind the team. The solution is already integrated with other systems like Suricata, Elastic, and Microsoft tools. It's very easy to integrate signature-based or behavior-based engines. You can use Elastic for the dashboards to get it from Corelight, along with all the benefits and expandability.

Read full review

Dan Jeske

Account Executive at Fishtech Group

We use the solution for packet capture sampling. We offer it as part of our managed service. It's so we can identify east-west traffic on a customer's network Corelight is low-cost and made on open-source, and the code is Zeek. It's an easy way for us to get visibility in a client's environment.…

Read full review

Muteb Alqahtani

Manage Consultant at SITE

We're not using it for our organization. We use it for our customers. We provide a service for incident response, and we use it through that service It is easy to deploy and easy to handle. They can enhance the interface of the product. They can make it more interactive and also easier to use…

Read full review

Corelight mindshare

Product category:

As of February 2025, the mindshare of Corelight in the Network Detection and Response (NDR) category stands at 4.9%, down from 5.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Network Detection and Response (NDR)

Key learnings from peers

Valuable Features

Embedded IDS from Suricata is highly valued. Quick deployment and ease of use are frequently mentioned. Corelight offers great visibility and comprehensive data including proactive defense and forensics. Users appreciate its low-cost, open-source nature with Zeek code. It easily tracks traffic and integrates with multiple threat feeds, simplifying analysis. The ease of creating dashboards for specific tasks is also highlighted.

"It's easy to create additional dashboards specific to supporting specific tasks."
"It's an easy way for us to get visibility in a client's environment."
"It is easy to deploy and easy to handle."

Room for Improvement

Corelight's high cost and lack of a graphical user interface are main concerns. The architecture is complex and difficult to understand, leading to increased pricing. Users seek a unified platform with improved interactivity and easier feature access. Despite initial disappointment with the absence of machine learning-based detection, it's understood that this feature might inflate costs without substantial benefit. Recent updates, such as Smart PCAP and service catalogs, show progress but more frequent feature additions are desired.

"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"Corelight hasn’t added features in a long time."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."

ROI

Users reported significantly positive ROI from Corelight due to enhanced visibility into network traffic and efficient threat detection. Teams have reduced incident response times and operational costs. Financial investments in Corelight were justified by improved network security and lower manual intervention.

Pricing

Corelight operates on a license-based model with a yearly fee, which varies based on specific requirements. Users describe the product as both affordable and expensive, depending on perspective and needs. While the solution is open-source, some find it costly compared to alternatives. Technical knowledge can be advantageous, as Corelight may pose a significant challenge for newcomers.

"It's a yearly fee and depends on what you are looking for."

Popular Use Cases

Corelight is utilized for security purposes and enhancing cyber visibility. Users deploy it with physical, cloud, virtual, and software sensors to monitor Internet, data center, and LAN traffic. It is leveraged in network traffic analysis, packet capture sampling, and incident response. Users deploy Corelight to identify east-west traffic for customers, offering it as part of managed services.

Service and Support

Customer support at Corelight is highly praised. Responses are prompt and effective. One user describes the support team as dedicated from the start. Another experienced timely and helpful assistance, rating them four out of five. Corelight benefits from a strong community and provides support for specific stability issues.

Deployment

Users found Corelight's initial setup easy and straightforward, particularly for small networks, rating it highly for ease of deployment. Pre-configured sensors simplify integration with networks. However, larger environments and complex integrations can pose challenges, requiring expertise and potentially taking several weeks to months for deployment. Documentation ratings vary, highlighting the need for detailed guides in complex setups. Users noted the necessity of license maintenance post-deployment.

Scalability

Corelight is recognized for its scalability and ease of expansion. Users emphasize that scaling the installation is straightforward, especially when integrated with Kubernetes. Many users across different regions highlight the simplicity of adding new machines to work with existing infrastructure.

Stability

Users find Corelight to be a stable choice, emphasizing that it is reliable. Many highlight that Corelight's foundation on Zeek, which has been utilized for over two decades, adds to its dependability. Consistent stability is a common sentiment among users.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Network Detection and Response (NDR) Buyer's Guide for additional reliable information.