I have been using the Corelight Open NDR solution for approximately three years. I leverage the Suricata engine heavily for alerting on indicators of compromise as my main use case for this solution.
Growth And Strategy Lead at a computer software company with 51-200 employees
Real User
Top 10
Apr 29, 2026
I have been in my current role since August of last year, approaching nine to ten months. I am a growth and strategy lead at Morphworks and ArrowPoint. I also provide program management support on a Department of Defense contract where we heavily use Corelight products. Our company has been using Corelight Open NDR for about three or four years as part of this program. I have been working alongside the Corelight team on this contract while exploring new opportunities for Corelight and us to grow together. Specifically with what we are doing on this contract, there are adversaries to the United States that are attacking our critical industries, especially critical industries that tie to the US federal government and Department of War. We help defense industrial base companies. They can be really small mom and pop shops making ball bearings that eventually end up in an aircraft carrier, or they could be a really large defense tech company doing something with artificial intelligence. Essentially, they are targets for our nation's adversaries. What we do is deploy Corelight sensors into their environments, and we not only protect their networks by having those sensors in place, but also use the Corelight Investigator platform to do managed detection and response. We gather intelligence on who is attacking these different critical companies for the government. The program that we are deploying these sensors under is structured so that the companies agree with the government that they will accept this protection and will provide the intelligence and data about what is happening on their network. We serve as the middleman in that process of deploying all these sensors, configuring all the environments, and providing some level of threat analysis and threat hunting. Additionally, we work alongside another team of analysts that are on the Corelight Investigator platform as well, doing full threat hunting and identifying threats.
When we identify significant alerts, there is an entire incident response and forensics package that is put together and sent back to those companies to let them know what has happened and what steps they need to take to make themselves whole again.
We use the solution for packet capture sampling. We offer it as part of our managed service. It's so we can identify east-west traffic on a customer's network.
Corelight is a network traffic analysis product. It is an extensive solution in Zeek and Suricata, virtual sensors, physical sensors, and cloud sensors.
Corelight Open NDR delivers rapid deployment, essential insight, and data for cybersecurity. Known for ease of use, cost-effectiveness, and open-source Zeek code, it enhances security by streamlining traffic monitoring and integrating with threat feeds. Corelight Open NDR offers organizations enhanced network security and visibility, utilizing physical sensors in addition to cloud, virtual, and software variants. It supports incident response with packet capture sampling, monitoring internet,...
We use the solution to monitor Internet traffic, the data center, and LAN traffic.
We're not using it for our organization. We use it for our customers. We provide a service for incident response, and we use it through that service.
It is mainly being used for security purposes, and to increase cyber visibility.