Explainable, structured network evidence like the data Corelight Open NDR provides is absolutely crucial compared to traditional black box logs that might lack the context an AI needs to reach an accurate verdict, as I look forward to incorporating large language models and AI into my SOC. Much of what I am doing this year is figuring out which rules I can use to detect which AI engines are running under the covers that I might not be aware of. Corelight Open NDR has come in handy because I use Corelight and NetScout collaboratively now. I use the Corelight alerts to allow me to focus on the traffic that looks suspect, and then at that point, I dig into nGeniusONE, pull the packets from cache, and do the analysis. I did the Corelight deployment, and it was good; these are well-known appliances, brand name physical appliances configured as one would expect an enterprise appliance to be configured, running basically a Linux kernel with a web interface. In my environment, the deployment model for Corelight Open NDR is on-premises, but I can elaborate further if needed. I would rate this product an eight overall.
Growth And Strategy Lead at a computer software company with 51-200 employees
Real User
Top 10
Apr 29, 2026
We are definitely staying aware of what Corelight's competitors are doing. I will say that we have made a strategic investment in partnering with Corelight, and we are really looking at expanding our opportunities to collaborate and deliver Corelight Open NDR and managed detection and response to other critical industries and other markets. It is definitely seeing either places where Corelight currently is or places where Corelight wants to be, and it very much aligns with a lot of what we believe, and we have this very close partnership with Corelight and a joint strategy we have to build towards some common goals. Some things we are looking at are using our past performance on this contract that we are partnered on, protecting defense industrial base companies, and we are looking at other facets of critical industry, whether that be voting infrastructure at the state level, of which there has not only been a lot of press about, but also authentic attacks against and more and more legislation coming forward for protection of voting-related systems. We are also looking at other facets of critical infrastructure such as utilities and ports and how we can take a similar delivery model to them to protect them and provide them the additional value of the visibility that Corelight provides across someone's network. We are really moving past just providing a Corelight sensor and Corelight Investigator and Corelight Open NDR as a solution, and instead, we are packaging everything together and managing it on behalf of them should they not be able to take it on themselves internally. I do not know exact figures, but across our program with these thirty or so companies that we have, we have detected somewhere between upwards of ten very serious activities over the past couple of years that we have been able to get in front of and effectively prevent something from happening. These were nation-state actor type threats.
It is exactly what the program was set up for, as these companies are getting attacked by these advanced persistent threats, and we have been able to stop those. There is obviously plenty of activity happening day to day and alerts of varying criticality that we are managing, and we are reaching out to the customers on those, but as far as some really big ones, we have prevented some damage for sure. We have more than several success stories where something really serious was prevented. My overall review rating for Corelight Open NDR is nine out of ten.
It depends on the kind of customer, but I would recommend it for most companies that had a SOC. It is instrumental. I would rate this product a 10 out of 10. Previously, we have worked here in Spain with ExtraHop, and when we started to promote it, it was unknown. People were not very confident until we made a demonstration. Corelight, including Zeek and Suricata, is well known by most people. For that reason, we have seen that people liked Corelight and Zeek. It adapts perfectly to the day-to-day work for people in security analytics. It also integrates very well with testing, and they don't have to learn many things.
I don't have enough visibility into the competition to give you an accurate response about what could be improved. We are still new to this solution, so we don't know yet. I would rate this solution an eight out of ten.
Corelight Open NDR delivers rapid deployment, essential insight, and data for cybersecurity. Known for ease of use, cost-effectiveness, and open-source Zeek code, it enhances security by streamlining traffic monitoring and integrating with threat feeds. Corelight Open NDR offers organizations enhanced network security and visibility, utilizing physical sensors in addition to cloud, virtual, and software variants. It supports incident response with packet capture sampling, monitoring internet,...
Overall, I rate the solution a seven out of ten.
I rate the solution an eight out of ten.
I would rate it an eight out of ten.