Using Corelight Packages

For using and working with the sample Corelight data set, you can install the Corelight packages that can be used to parse and display the information through a collection of pre-configured queries and dashboards.

Two packages are available that support processing the data:

corelight/sensor
The corelight/sensor package includes the core parser and dashboard widgets for viewing the sensor data. The package includes the following dashboards:
- Corelight Connectivity
- Corelight DNS
- Corelight Exec Overview
- Corelight Files
- Corelight HTTP
- Corelight Intel
- Corelight Log Hunter
Figure 18. Corelight Sensor Sample Data Repository
- Corelight Notice
- Corelight SSH Inference
- Corelight SSL
- Corelight Software
- Corelight Suricata
  Figure 19. Suricata
  
  Corelight Sensor Sample Data Repository
- Corelight x509
corelight/threathuntingguide
The package includes the following dashboards:
- Saved Searches
- Alerts

Integrations

Packages

Other Integrations

Log Formats

Using Corelight Packages

Enter search term