Elastic
Start free trial Contact Sales
Loading

Corelight

<div class="condensed-table">
| | |
| --- | --- |
| Version | 0.4.0 [beta] (View all) |
| Compatible Kibana version(s) | 8.16.0 or higher |
| Supported Serverless project types
What’s this? | Security
Observability |
| Subscription level
What’s this? | Basic |
| Level of support
What’s this? | Partner |

</div>
Corelight provides network detection and response (NDR) solutions that enhance visibility, threat detection, and incident response by leveraging open-source technologies like Zeek. Its platform integrates with existing security tools to deliver high-fidelity network data, helping organizations detect and respond to threats more effectively across both on-premises and cloud environments​.

This integration includes only the Corelight dashboards mentioned below:

  • Corelight Suricata IDS Alert Overview
  • Intel
  • IP Interrogation
  • Log Hunting
  • Name Resolution Insights
  • Notices
  • RDP Inferences Overview
  • Remote Activity Insights
  • Secure Channel Insights
  • Security Posture
  • SSH Inferences Overview
  • VPN Insights

Add ECS Mappings: Start by adding the ECS (Elastic Common Schema) mappings from the Corelight GitHub organization. You can find the required templates here: Corelight ECS Templates. The script within the repository installs the necessary components, including index settings, index templates, ILM policies, and ingest pipelines etc. These components will ensure that Corelight data is correctly formatted and aligned with Elastic’s schema.

Send Data from Corelight to Elastic: Once the ECS mappings are in place, configure Elasticsearch in the web interface under Sensor > Export > Export to Elastic. It will require below parameters:

  • Server: The HTTP or HTTPS URL (including the port).
  • Prefix: The Elasticsearch index, alias, and template prefix (e.g. logs-corelight-*).
  • Username: The Username to authenticate to Elasticsearch.
  • Password: The Password to authenticate to Elasticsearch.
  • Zeek logs to exclude: Logs that you don’t want to export to Elasticsearch. If blank, sensor will export all log types.
  • Elasticsearch log filter: Logs to exclude using the Corelight Filtering Language.
Note

Use the index prefix name (logs-*) instead of a custom index prefix.

  1. In Kibana navigate to Management > Integrations.
  2. In "Search for integrations" top bar, search Corelight.
  3. Select the "Corelight" integration from the search results.
  4. Navigate to Settings.
  5. Select the "Install Corelight assets".
  6. Navigate to Assets to get list of dashboards.

[TBC: QUOTE]

**Changelog**
Version Details Kibana version(s)
0.4.0 pass:[] Enhancement (View pull request)
Add security workflows dashboards.
0.3.0 pass:[] Enhancement (View pull request)
Added an alert insight panel and updated the VPN connections visualization to a line chart in the security posture dashboard.
0.2.0 pass:[] Enhancement (View pull request)
Update inferences field to ssh.inferences for ssh log type.
0.1.0 pass:[] Enhancement (View pull request)
Initial release.