Corelight Boosts NDR with GenAI: New Tools Accelerate SOC Workflows

Corelight is setting a new standard in cybersecurity with its GenAI Accelerator Pack, leveraging advanced artificial intelligence to revolutionize network detection and response and enhance security operations center workflows.

This pack introduces a Model Context Protocol (MCP) Server, Analyst Assistant Promptbooks, and Investigation Promptbooks. These components integrate industry-standard network evidence with large language models (LLMs) and are designed to accelerate and refine SOC operations.

Corelight’s commitment to GenAI leadership in the NDR segment is evident, particularly with the GenAI Accelerator Pack’s live preview at the Black Hat Network Operations Center (NOC). Here, Corelight serves as the sole NDR provider, continuously monitoring the network for malicious activity, showcasing its robust threat detection capabilities.

The company’s unique strategy combines sophisticated AI/ML detections within a multi-layered detection engine, all supported by forensic-grade network evidence. These detections drive GenAI-powered workflows that significantly accelerate triage processes, automate investigations, and empower analysts with flexible tools for diverse activities, leading to improved workflow automation.

A cornerstone of Corelight’s OpenNDR strategy is its focus on driving GenAI-based acceleration for analysts, both within Corelight products and through deep integrations with partner solutions like SIEMs. This approach is pivotal in enabling the emerging concept of the agentic SOC, where AI plays a more autonomous and supportive role in cybersecurity analysis.

The Model Context Protocol (MCP) Server is a key feature, providing a programmatic interface through which analysts can apply LLMs to network evidence. It gives an LLM access to Corelight log, alert, and detection data held in SIEM platforms (such as Splunk, Elastic, LogScale) through pre-built tools, so that an analyst's natural-language question is translated into the underlying SIEM query and the results are returned as actionable insights for threat detection.

Complementing the MCP Server are the Investigation Promptbooks and Analyst Assistant Promptbooks. These provide workflow LLM prompts and sample data to automate common alert investigations with transparent detailing of steps taken. They also support daily analyst activities, from alert translation to payload and alert session summaries, enhancing security operations efficiency.

The Corelight GenAI Accelerator Pack is currently available in private preview for existing customers. Corelight’s vision for the future of cybersecurity is firmly rooted in an evidence-first, AI-accelerated paradigm, intended to provide modern solutions for the evolving agentic SOC.