Before Corelight recently started pushing some of the agentic features, querying at times could be a little difficult, depending on your mastery of log scale. However, I think with a lot of the artificial intelligence that they are building in, it is getting a lot easier to query in the platform. I would definitely encourage them to continue down that path where anybody can hop into the platform and start running queries, whether it is a simple instruction like I want this, and an artificial intelligence process can actually build the query and do it. I think that would be super powerful. Cyber skill sets are in high demand, and there is a huge backlog in cyber talent. We cannot fill all the positions we need. The easier we can make these cyber systems for people to pick up and be effective on, I think is really key.

Explainability of data is hyper important. In the past few artificial intelligence related updates we have gotten from Corelight, that has been one of the first questions our team has asked every time or that I have asked: show me what the model is doing, show me how it came to this analysis. Within Investigator platform, they are able to walk through and see exactly what data the artificial intelligence pulled from where and why it did what it did as far as making its suggestions. They have definitely built their system with artificial intelligence in mind up front, and having that openness as one of the key features of any of their artificial intelligence and machine learning processes in the platform is important. The issue with black boxes is obviously hallucinations from artificial intelligence and just not being able to trace to ground truth. When we are talking about these cyber incidents and being able to do forensics, you need to be able to pinpoint and tie everything together, and black boxes really obscure that and prevent you from doing so. Corelight has done a really good job of making sure that everything is explainable and everything is mapped when it comes to leveraging any of their artificial intelligence features.

Corelight Open NDR does not need any improvements or additional features in the next releases. The product is excellent at what it does, and I believe what they have done with it, taking an open-source engine and bundling it into an appliance with professional support, was a brilliant idea and has been a great fit for my organization.

Corelight hasn’t added features in a long time.

The solution’s architecture is complex and difficult to understand. There's multiple machines and VMs. It’s size will increase the pricing to reflect the design. The solution should make it to one single platform with all the features.

They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access.

We wanted Corelight to have service catalogs, and it seems they have done it this year. 

Al the beginning I was surprised that it didn't include Machine learning based detection, but after some months, I understand why. Our SIEM and our SOAR already includes Machine Learning detection, and Corelight already make behavior based detection as well as signature based detection. Everything in Corelight is useful, and adding ML to an NDR would just make it more expensive, and I'm not sure if it would really improve the final result since Corelight sees everything and ML can be used in other solutions.

Last release included Smart PCAP, a tool that makes PCAP storing easier (and more cost-effective).

It's an expensive solution and the price could be reduced.

They don't have a GUI. In the next release, building a graphical user interface would be helpful.