Corelight Open NDR does not need any improvements or additional features in the next releases. The product is excellent at what it does, and I believe what they have done with it, taking an open-source engine and bundling it into an appliance with professional support, was a brilliant idea and has been a great fit for my organization.
Growth And Strategy Lead at a computer software company with 51-200 employees
Real User
Top 10
Apr 29, 2026
Before Corelight recently started pushing some of the agentic features, querying at times could be a little difficult, depending on your mastery of log scale. However, I think with a lot of the artificial intelligence that they are building in, it is getting a lot easier to query in the platform. I would definitely encourage them to continue down that path where anybody can hop into the platform and start running queries, whether it is a simple instruction like "I want this," and an artificial intelligence process can actually build the query and do it. I think that would be super powerful. Cyber skill sets are in high demand, and there is a huge backlog in cyber talent. We cannot fill all the positions we need. The easier we can make these cyber systems for people to pick up and be effective on, I think is really key. Explainability of data is hyper important. In the past few artificial intelligence-related updates we have gotten from Corelight, that has been one of the first questions our team has asked every time or that I have asked: show me what the model is doing, show me how it came to this analysis. Within the Investigator platform, they are able to walk through and see exactly what data the artificial intelligence pulled from where and why it did what it did as far as making its suggestions. They have definitely built their system with artificial intelligence in mind up front, and having that openness as one of the key features of any of their artificial intelligence and machine learning processes in the platform is important. The issue with black boxes is obviously hallucinations from artificial intelligence and just not being able to trace to ground truth. When we are talking about these cyber incidents and being able to do forensics, you need to be able to pinpoint and tie everything together, and black boxes really obscure that and prevent you from doing so.
Corelight has done a really good job of making sure that everything is explainable and everything is mapped when it comes to leveraging any of their artificial intelligence features.
The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs. Its size will increase the pricing to reflect the design. The solution should make it to one single platform with all the features.
They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access. We wanted Corelight to have service catalogs, and it seems they have done it this year.
Machine learning could be a good improvement, but it's very costly. Here in Spain, we have many other solutions with machine learning analysis, and the cost is so high that it's very complicated to sell them here. For the Spanish market and Portugal, I would say that this could be a good improvement.
It's an expensive solution and the price could be reduced. They don't have a GUI. In the next release, building a graphical user interface would be helpful.
Corelight Open NDR delivers rapid deployment, essential insight, and data for cybersecurity. Known for ease of use, cost-effectiveness, and open-source Zeek code, it enhances security by streamlining traffic monitoring and integrating with threat feeds. Corelight Open NDR offers organizations enhanced network security and visibility, utilizing physical sensors in addition to cloud, virtual, and software variants. It supports incident response with packet capture sampling, monitoring internet,...
Corelight hasn’t added features in a long time.