Risky Business Video
March 03, 2024
Corelight's Open NDR Platform
Presented by
CEO and Publisher
James Pope, Corelight’s Director of Technical Marketing Engineering, demonstrates the company’s Open NDR Platform (https://corelight.com/products/open-ndr/) and how it combines network detections with a whole host of other data sources.
00:00 - Introduction
01:20 - One minute overview
04:11 - Integrations: CrowdStrike Falcon LogScale
06:34 - Integrations: Suricata
07:48 - Falcon alerts
12:11 - Determining potential scope of compromise aka ‘blast radius’
15:32 - Detecting intrusion on hosts without EDR
18:39 - Corelight Investigator
21:04 - AI explains Suricata rules in plain English
22:52 - AI-suggested next steps
24:31 - Search-based alerts
27:17 - Scoring alerts transparently
29:56 - Cloud capabilities
31:24 - Related detections
34:58 - Unencrypted traffic in cloud environments
37:12 - Smart PCAP — tailored collection
40:36 - Conclusion