Corelight sensors produce rich, protocol-specific logs for incident response and threat-hunting workflows within any SIEM. When integrated with EndaceProbe Analytics Platforms these logs include ‘Pivot-to-Vision’ links which connect SIEM events to the related packet data recorded by the endaceProbes on the network. Security analysts can quickly investigate incidents from their SIEM using a single click drill-down to analyze recorded network history and investigate a threat event’s packet data in granular detail. Corelight has also joined Endace’s Fusion Partner program.
Source: https://www.helpnetsecurity.com/2021/02/10/endace-corelight/