Corelight Network Security Monitor

Corelight Sensors operate out-of-band and transform raw traffic into rich logs, extracted files, and security insights using a specialized version of the open-source Zeek (formerly ‘Bro’). Security teams can stream Corelight’s logs and insights directly to the Humio platform for search and analysis.

Installation

Corelight sensors are built with simplicity in mind and are easy to install, configure, and deploy. Corelight sensors come in the following platforms:

  • Physical appliances
  • Virtual appliances
  • Cloud appliances

A Corelight sensor requires:

  • One network connection for the Management network to access, configure, and manage the sensor.
  • Network connection(s) for the Monitoring network to receive the traffic from a data source, such as from a SPAN/mirror port on a network switch, a packet broker, or a network TAP.

The initial setup involves:

  • Logging in as a default admin user and changing the login password.
  • Configuring the network settings for the Management interface.

Then, you can sign in to the sensor through the Management IP and configure the sensor.

Configuration

Configuring a Corelight sensor to send data to Humio is effortless and quick. Once you have network traffic coming in through the monitoring port of the sensor, follow these steps:

  1. Log in to the Management interface.
  2. Go to the sensor settings page and click Export.
  3. Enable Export JSON over TCP.
  4. Fill in the details of the Humio server’s IP and port, the Zeek logs to exclude, and any JSON log filters you might have.
  5. Click the Packages tab at the top row and select all the packages you’d like to enable.
  6. Click Apply Changes.

The sensor should now export data, which the Humio server ingests and parses.
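
One way to check the export settings from steps 3 and 4 on a test host before pointing the sensor at Humio, as an added example (not Corelight or Humio code): a temporary listener that reassembles the stream and flags log types that were supposed to be excluded. It assumes newline-delimited JSON records with the log type in a `_path` field; `ExportStreamChecker`, `listen` and `check_sample` are hypothetical names.

```python
import json
import socket
from collections import Counter

class ExportStreamChecker:
    """Reassembles newline-delimited JSON from TCP reads and tallies log types."""

    def __init__(self, excluded):
        self.excluded = set(excluded)  # log types set as excluded on the sensor
        self.buffer = b""              # trailing partial record from the last read
        self.counts, self.leaked = Counter(), Counter()  # all seen / excluded seen
        self.malformed = 0             # lines that were not usable JSON records

    def feed(self, chunk):
        """Consume one TCP read; a record may be split across two reads."""
        self.buffer += chunk
        *lines, self.buffer = self.buffer.split(b"\n")
        for line in filter(bytes.strip, lines):  # skip empty lines
            try:
                path = str(json.loads(line)["_path"])  # assumed log-type field
            except (ValueError, KeyError, TypeError):
                self.malformed += 1
                continue
            self.counts[path] += 1
            if path in self.excluded:
                self.leaked[path] += 1

def listen(port, excluded, max_reads=1000):
    """Accept one connection on a test host and summarise what arrives."""
    checker = ExportStreamChecker(excluded)
    with socket.create_server(("0.0.0.0", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            for _ in range(max_reads):
                if not (chunk := conn.recv(65536)):
                    break
                checker.feed(chunk)
    return checker

SAMPLE_READS = [  # constructed sample, not sensor output; "dns" spans two reads
    b'{"_path":"conn","id.resp_p":443}\n{"_path":"dn',
    b's","query":"example.com"}\n{"_path":"files"}\nnot json\n',
    b'{"_path":"conn","id.resp_p":53}\n',
]

def check_sample(excluded=("files",)):
    checker = ExportStreamChecker(excluded)
    for read in SAMPLE_READS:
        checker.feed(read)
    return checker
```

A non-empty `leaked` counter means an excluded log type is still being exported; a non-zero `malformed` count means the receiver's framing assumption does not match what the sensor sends.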

Troubleshooting

The Corelight sensor manual is available from the sensor’s main page. Corelight also has a dedicated team of support experts that includes the core team and contributors of the Zeek project.

For More Information

Corelight and Humio’s integrated solution helps companies manage security threats and gain visibility across a company’s entire network. Humio’s instant, streaming search capabilities coupled with simple per-sensor pricing options make it a perfect complement for Corelight and open source Bro users.