echoloc

Corelight Tech Stack

Network detection and response platform built on Zeek, powering AI-driven SOC workflows

Computer and Network Security · San Francisco, CA · 201–500 employees · Founded 2016 · Privately Held

Corelight operates an open NDR platform that converts raw network telemetry into actionable security evidence. The stack reflects a mature detection-focused engineering org: Zeek and Suricata for packet analysis, Python for custom logic, Kafka and Elasticsearch for data pipelines, and Splunk for SIEM integration. Recent adoption of Agentforce, OpenAI, and Anthropic signals a shift toward AI-assisted threat hunting and automation—matching their stated focus on AI-driven detection. Sales velocity is accelerating with leadership hiring, but pain points around incident response delays and scaling data pipelines suggest the product is hitting performance boundaries as customers deploy at enterprise scale.

Tech Stack 79 technologies

Core Stack: Python, AWS, Ansible, Terraform, Splunk, Elasticsearch, Kafka, Jira, Salesforce, Hyper-V, Zeek, Suricata, YARA, Bash, Azure, GCP, Snort, Humio, Logstash, Perl, PowerShell, Pendo, Outreach, LinkedIn Sales Navigator, ESXi, Caldera, Cobalt Strike, MISP, macOS, Unix, +46 more
Adopting: OpenAI, Anthropic, Agentforce

What Corelight Is Building

Challenges

  • Incident response delays
  • Scaling internal infrastructure
  • Stable high-performance releases
  • Threat hunting
  • Reliable delivery of actionable insights
  • Complex multi-stakeholder enterprise sales cycles
  • Scaling massive network data pipelines
  • Systematizing product processes
  • Complex technical challenges
  • Network visibility gaps

Active Projects

  • Open NDR platform release testing
  • SIEM query and dashboard implementation
  • Area sales strategy
  • Scalable test infrastructure
  • Automated test suite development
  • Custom threat hunting content development
  • SOC/IR workflow automation playbooks
  • High-performance API services
  • Infrastructure as code implementation
  • Integration test development

Hiring Activity

Accelerating · 30 roles · 25 in 30d

Department

  • Sales: 12
  • Engineering: 10
  • Support: 4
  • Marketing: 2
  • Product: 1
  • Security: 1

Seniority

  • Senior: 16
  • Director: 4
  • Lead: 3
  • Mid: 3
  • Junior: 2
  • Staff: 2

Notable leadership hires: Director of Sales

About Corelight

Corelight builds an open network detection and response platform deployed as on-premise and cloud sensors to capture structured network telemetry and feed it to security operations centers. The platform specializes in transforming network traffic data into correlated evidence for threat detection, investigation, and hunting workflows. Customers include Fortune 500 companies, government agencies, and research universities. The engineering org is actively scaling internal infrastructure to handle massive network data volumes while systematizing product processes and delivery reliability. Sales operations span the United States, Germany, Australia, and India.

Headquarters: San Francisco, CA
Company Size: 201–500 employees
Founded: 2016
Hiring Markets: United States, Germany, Australia, India

Frequently Asked Questions

What tech stack does Corelight use?

Zeek, Suricata, YARA, Python, Bash, AWS, Azure, GCP, Kafka, Elasticsearch, Splunk, Terraform, and Ansible. Currently adopting OpenAI, Anthropic, and Salesforce Agentforce for AI-driven features.

What is Corelight working on?

Open NDR platform releases, SIEM query/dashboard implementation, SOC/IR workflow automation, custom threat hunting content, and scalable test infrastructure for high-performance API services.

How this profile is built

Corelight's technology stack, projects, and hiring signals are inferred from public hiring and company data — career pages, public listings, and company web presence — then clustered and de-duplicated. Figures are estimates that refresh over time.

This is not an official vendor or customer list. It is a technology-adoption signal inferred from public data, intended for B2B research.